Cybersecurity has emerged as a central battleground for geopolitical, economic, and societal competition. The latest NTT DATA Cyber Threat and Trends Report for the first half of 2025 makes it clear: the issue is no longer who will attack, but rather when, how, and with what objective.
Armed conflicts, diplomatic tensions, and emerging technologies are converging to fuel an agile, decentralized, and resilient cybercriminal ecosystem. Nation-states no longer hide: directly or through affiliated groups, they combine cyberespionage, sabotage, and disinformation campaigns with surgical precision.
The arrival of generative AI has fundamentally changed the game, making it easier than ever for new threat actors to engage in cybercrime. Tools capable of generating deepfakes, cloning voices, and automating phishing campaigns are now widely accessible. Ransomware, which used to be a technical threat, has become an instrument of geopolitical pressure.
The takedown of BreachForums didn’t slow cybercrime—it fueled its decentralization. Underground forums and markets are resurging, reinforced by encrypted channels like TOX or SimpleX, where operations are becoming professionalized and Crime-as-a-Service is delivered with the same customer-centric approach as legitimate startups.
The “Deep” Economy of Digital Crime
The magnitude of these figures is fueling the ongoing surge in attacks. According to Cybersecurity Ventures, the global economic impact is estimated at $10.5 trillion annually, and could approach $15 trillion by year-end if current levels of malicious activity persist.
Every sector is now a high-value target—from public administration and education to finance, manufacturing, and beyond. Segmentation is driven not by ease of attack, but by each sector’s strategic value on the global chessboard.
Risk extends beyond IT environments. Industrial infrastructure, IoT devices, cloud environments, and next-generation mobile networks are all in the crosshairs. The exploitation of critical vulnerabilities within hours of disclosure confirms that response time remains a critical vulnerability for the sector.
A reactive approach is no longer enough. The key now lies in proactive intelligence, early detection, international cooperation, and embedding a cybersecurity culture that becomes day-to-day practice rather than mere slogan. Will organizations and governments invest in proactive, collaborative cybersecurity—or remain stuck in a cycle of crisis response?
A Strategic Playbook for Leaders
The report suggests that the coming months will serve as a “stress test” for the maturity of cybersecurity programs. CISOs and executive teams should focus on five key lines of action.
A solid approach to risk management begins by minimizing the organization’s attack surface. This means implementing Threat-Informed Patch Management, prioritizing critical patches based on the latest threat intelligence, and continuously scanning the perimeter and hybrid cloud environments to proactively identify and remediate exposed assets before attackers can exploit them.
Simultaneously, organizations need to harden defenses against ransomware and multivector threats—advancing toward microsegmentation and zero trust architectures, developing tailored continuity plans for OT and industrial environments, and running realistic recovery simulations that address scenarios such as double extortion and full data encryption.
The third line of action calls for investing in early threat detection capabilities powered by AI. Machine learning models can detect patterns of lateral movement and atypical data exfiltration, while deepfake detection tools anticipate attempts to manipulate audio or video in sensitive processes such as HR, finance, or corporate communications.
Managing reputational risk and countering disinformation campaigns require dedicated, pre-emptive action. Organizations should develop response plans that include internal and external communications, build effective counter-narratives, and sustain round-the-clock monitoring of the dark web and encrypted channels to detect leaks and hostile mentions before they escalate into public crises.
Finally, organizations must elevate cybersecurity to a strategic decision-making level. They must integrate cyber risk metrics into board reporting, build sector alliances to share intelligence and anticipate common threats, and appoint Cyber Crisis Officers capable of orchestrating response at the critical intersection of business and security.
Conclusion: Anticipate the Next Move
Complacency is not an option for the second half of 2025. With rising technical sophistication, a fragmenting cybercriminal ecosystem, and the rapid acceleration of offensive AI, organizations must move decisively from reactive defense to a proactive cyber strategy.
The CISO must move beyond technical stewardship and embrace the role of strategic partner—positioning cybersecurity as a business differentiator and a cornerstone of organizational resilience.
Those who anticipate the next move achieve success on this global chessboard.
Access the full report here