The Microsoft report showed that in the first half of 2025, Ukraine ranked fifth globally and third in Europe among the countries that were most frequently targeted by cyber activity, specifically in Europe, almost one in ten victims were from Ukraine (9.5 per cent).
“Despite the enormous challenges, Ukraine is rapidly transforming and becoming a leader in cybersecurity. By accelerating cloud adoption, applying AI to protect critical infrastructure and driving innovation, the country is building digital resilience,” Microsoft’s technology director for the NTO Europe North Multi-country Cluster, Renate Strazdin, was quoted as saying.
The report notes that more than 52% of cyber attacks with known motives are driven by extortion and ransomware, while cyber espionage accounts for only 4%. In 80% of cases, the attackers’ goal is to steal data, underscoring the global nature of the threat.
The company said it processes more than 100 trillion security alerts every day, blocks approximately 4.5 million new malware attack attempts, analyses 38 million user account risk detections and scans 5 billion emails for malware and phishing threats.
Microsoft said in the report that hospitals, schools and local governments are increasingly being targeted by cyberattacks due to the storage of sensitive data and limited cyber defence resources. This therefore leads to delays in medical care, interruption of educational process and shutdown of transport systems.
Microsoft Digital Defence Report 2025 also adds that today, legacy security measures are ineffective. Therefore, user use of multi-factor authentication (MFA), especially phishing-resistant authentication, can prevent more than 99% of credential theft attacks.
Separately, the report notes that the threat from state actors remains. In particular, Russia is expanding attacks beyond Ukraine, for example to small businesses in NATO countries, using them as entry points into larger organisations. China is expanding attacks against various industries and non-governmental organisations, using vulnerable devices for stealthy access.
Microsoft added that Iran is attacking logistics companies in Europe and the Persian Gulf, likely in preparation for disrupting commercial shipping, and North Korea is focusing on financial gain and espionage, particularly through the employment of IT professionals overseas who pass on earnings to the regime.
The report says artificial intelligence (AI) is accelerating the development of threats. For example, cybercriminals are using AI to automate phishing and create artificially generated content. Cybersecurity experts, on the other hand, are using AI to be better able to detect threats and improve user security.