The IT sector in 2025 entered the top three most attacked industries for the first time, overtaking financial organisations. Moreover, IT companies accounted for the highest share of complex targeted attacks. This data is presented in a report on the global cyber threat landscape, which also records an increase in activity against the government and industrial sectors.
WHICH INDUSTRIES CAME UNDER ATTACK
The report "Anatomy of the Cyber Threat Landscape", prepared by Kaspersky Lab, is based on data from incident monitoring and response services, including Managed Detection and Response, Incident Response and Compromise Assessment.
The most attacked industries were distributed as follows:
- government organisations — 19% of critical incidents;
- industry — 17%;
- IT sector — 15%;
- financial sector — 11%;
- media — 1%.
Incidentally, the IT sector pushed finance out of the top three most attacked industries for the first time.
WHAT TOOLS ARE USED IN ATTACKS
In the government sector, complex targeted attacks (APTs) are the most common — their share amounted to 33%. Attacks using social engineering (19%) are also recorded, indicating the use of employees as an entry point.
In industry, a wider spectrum of threats was recorded: APT attacks (18%), malware (15%) and social engineering (21%).
IT companies faced the highest share of APT attacks among all industries — 41%. In addition, traces of past attacks (17%) and cases of social engineering (11%) were noted.
EXPERT OPINION
Sergey Soldatov, Head of the Cybersecurity Monitoring Centre at Kaspersky Lab, noted that key industries remain priority targets due to their strategic importance, connection to critical infrastructure and global supply chains.
"Data from 2025 confirms that attacks on such organisations are not mass-scale in nature, but are carried out purposefully — and in many cases to ensure permanent access to the system. Companies should consider that attackers planning targeted attacks will sooner or later find a way to penetrate the system, so efforts must be focused on early incident detection, rapid containment and minimising the window of opportunity for attackers," said Sergey Soldatov.
Valery Zubanov, Managing Director of the company in Kazakhstan, Central Asia and Mongolia, added that similar trends are observed in Kazakhstan. Among the most vulnerable are government agencies, industry and IT companies. He emphasised that attackers are increasingly seeking covertly to establish a foothold within infrastructure.
CONTEXT
Such risks are already manifesting in practice. In Kazakhstan, the interactive flood forecasting map for spring 2026, developed by the Pavlov analytical centre Pavlov Analytics in collaboration with companies Geobox and Giscarta, was temporarily unavailable due to a DDoS attack. The incident occurred during preparations for the peak of the flood season, when the tool is used to assess risk zones.
The service was subsequently fully restored, and access to the map is again open.