Overview
- The assessment covering July 2024 to June 2025 finds the national posture unchanged and notes a February surge in DDoS activity around major political events.
- Public administration is the prime espionage target, with attacks increasingly attributed to state-directed actors and a large unreported dark field suspected.
- About 950 ransomware cases were reported, roughly 80% against small and midsize firms, as payout rates fell but average demands climbed.
- Newly disclosed software flaws averaged 119 per day, up 24% year over year, and basic misconfigurations left many systems unnecessarily exposed.
- Officials pointed to international actions against LockBit and Alphv and outlined next steps including the Cyberdome plan, a larger BSI budget and stricter NIS2/KRITIS obligations for thousands of entities.