In 80% of the cyber incidents Microsoft’s security teams investigated last year,attackers sought to steal data — a trend driven more by financial gain than intelligence gathering.
According to the latest Microsoft Digital Defense Report, written with our chief information security officer, Igor Tsyganskiy, over half of cyberattacks with known motives were driven by extortion or ransomware.
That’s at least 52% of incidents fueled by financial gain, while attacks focused solely on espionage made up just 4%.
Nation-state threats remain a serious and persistent threat, but most of the immediate attacks organizations face today come from opportunistic criminals looking to make a profit.
Every day, Microsoft processes more than 100 trillion signals, blocks approximately 4.5 million new malware attempts, analyzes 38 million identity risk detections, and screens 5 billion emails for malware and phishing.
Advances in automation and readily available off-the-shelf tools have enabled cybercriminals–even those with limited technical expertise – to expand their operations significantly.
The use of AI has further added to this trend with cybercriminals accelerating malware development, creating more realistic synthetic content, enhancing the efficiency of activities such as phishing and ransomware attacks.
As a result, opportunistic malicious actors now target everyone — big or small — making cybercrime a universal, ever present threat that spills into our daily lives.
In this environment, organizational leaders must treat cybersecurity as a core strategic priority – not just an IT issue – and build resilience into their technology and operations from the ground up.
In our sixth annual Microsoft Digital Defense Report, which covers trends from July 2024 through June 2025 we highlight that legacy security measures are no longer enough; we need modern defenses and strong collaboration across industries and governments to keep pace with the threat.
For individuals, simple steps like using strong security tools — especially phishing-resistant multifactor authentication (MFA) — can make a big difference, as MFA can block over 99% of identity-based attacks.
The author is the corporate vice president in charge of customer security and trust at Microsoft
