NTT DATA has published its Cybersecurity Trends and Threats Report – 1H 2025, developed by the Cyber Threat Intelligence (CTI) unit, offering an in-depth analysis of the evolving global threat environment along with forward-looking projections for the remainder of the year. Business disruptions continue to have the greatest impact, followed by rising investments in detection and response capabilities and ransom payments resulting from ransomware attacks. These dynamics are driving the relentless increase in the global cost of cybercrime. According to Cybersecurity Ventures, this cost reached a record US$10.5 trillion annually in 2025 and could climb to between US$12 and US$15 trillion by year-end if current malicious activity persists.
The report underscores that 2025 is characterized by a deeply interconnected risk environment, where cyber threats converge with geopolitical instability and extreme climate events, placing critical infrastructure under pressure. Against this backdrop, international cooperation and organizational resilience are vital to confronting a rapidly evolving threat landscape that demands coordinated, adaptive, and intelligence-driven responses.
Among the key trends, state-sponsored activity continues to grow. China has intensified its cyber-espionage operations against strategic sectors such as finance, manufacturing, and media. North Korea and Iran have also scaled up operations that combine espionage, illicit revenue generation, and politically motivated disinformation campaigns.
Generative AI is emerging as a powerful enabler for cybercriminals, used to design highly persuasive and targeted social engineering campaigns, create fake identities and deepfakes, and spread large-scale electoral disinformation. This technology is also driving the automation of attacks, the rapid development of malicious scripts, and the lowering of barriers to entry for less experienced actors.
All industries are now potential targets. The variability of sectoral impact dropped by 8% compared with the previous report, highlighting the widespread vulnerability. In terms of attack volume, public administration remains the most targeted, followed by education, government and public sector, finance, and IT services.
A striking feature of the latest findings is the unprecedented professionalization of cybercrime. Initial Access Brokers — intermediaries selling access to corporate networks — increased their offerings by 15%, directly fueling ransomware operations (up 32%) and data exfiltration.
At the same time, the ransomware-as-a-service model is now firmly established: attackers now outsource phases of their operations, share infrastructure, and recycle resources from disbanded groups. Tools like FraudGPT and WormGPT enable the automated creation of spear-phishing emails, while voice and video cloning technologies make bypassing identity verification easier. The malware-as-a-service market also continues to grow, with millions of stolen credentials being traded daily.
Key insights from the report:
- During critical periods, organizations may allocate up to 40% more of their budgets to incident containment.
- The dark web is undergoing profound changes following the takedown of BreachForums (April 2025), with decentralized markets for stolen data, illicit access, and cybercrime tools taking its place.
- The crime-as-a-service model is booming: in 2025, new underground platforms emerged offering on-demand hacking, DDoS attacks, spam, and SMS flooding through SaaS-style interfaces, complete with technical support and geo-targeting. Such services make it possible for even unskilled actors to launch sophisticated attacks, further democratizing cybercrime and increasing risks for businesses and governments alike.
“It is clear that the question is no longer who will attack, but rather when, how, and with what purpose,” said María Pilar Torres Bruna, Head of Cybersecurity at NTT DATA for Iberia, International Organizations, LATAM, and Consulting in Benelux and France.
“Defense can no longer be reactive. Success depends on proactive intelligence, early detection, international collaboration, and embedding a culture of cybersecurity that moves beyond slogans and translates into consistent, everyday practice,” she concluded.
The "Cybersecurity Trends and Threats Report – 1H 2025" is designed to help business and government leaders anticipate emerging threats and strengthen their resilience.