Cybercriminals Now Increasingly Targeting Government Organizations, Report Reveals

The 2025 Kaspersky analysis underscores a pronounced pivot toward government and industrial targets, reflecting the strategic value of geopolitical intelligence and critical infrastructure. As nation‑state actors and sophisticated criminal groups vie for persistent access, the concentration of breaches in the public sector signals heightened risk for policy makers and regulators. This trend also forces private‑sector security teams to broaden their threat‑intelligence feeds, integrating geopolitical cues with traditional cyber‑risk models.

Attack methodologies reveal a nuanced landscape: advanced persistent threats dominate government incidents, accounting for a third of breaches, while the IT sector experiences the highest share of human‑driven APTs at 41%. Industrial organizations confront a balanced mix of APTs, malware, and social engineering, with nearly a quarter of incidents stemming from proactive red‑team exercises. These patterns highlight the necessity of layered defenses—continuous monitoring, threat hunting, and rapid containment—to counter both opportunistic and purpose‑built attacks.

Beyond technical controls, the report spotlights a cultural shift in risk management. With 70% of large enterprises ready to subsidize cybersecurity for their suppliers and 25% already sharing costs, firms acknowledge that supply‑chain vulnerabilities can eclipse internal weaknesses. Collaborative funding, combined with regular red‑team drills and robust role‑based access controls, offers a pragmatic pathway to elevate ecosystem resilience. Adopting managed detection and response services further ensures that organizations can detect anomalies early, limiting the fallout of increasingly sophisticated cyber incursions.