The 2025 State of Cyber Security report from Check Point paints a sobering picture: Cybersecurity professionals are losing confidence as the threat landscape grows more aggressive, sophisticated, and persistent.
While technical defenses have advanced, adversaries are evolving faster—exploiting misconfigurations, leveraging AI, and sidestepping traditional defenses with ease. The result is a widening gap between attack sophistication and defensive readiness.
Key findings
The report highlights a 58% surge in infostealer attacks, emphasizing how cybercriminals increasingly favor stealing credentials over brute-force methods. This trend marks a shift in tactics: Rather than seeking immediate access, attackers are building patient, persistent campaigns using stolen credentials and session tokens to quietly infiltrate networks.
Ransomware remains the top threat to businesses, but the tactics have shifted dramatically. Groups are moving away from encryption toward data exfiltration-only extortion (DXF), a quieter, faster method with fewer technical hurdles. This shift has made attacks harder to detect and easier to replicate. Alarmingly, the healthcare sector—previously considered off-limits by some criminal groups—has become the second most targeted industry, underscoring the erosion of even informal “ethical” lines in cybercrime.
In parallel, cloud infrastructure and edge devices are now prime targets. Threat actors are exploiting hybrid networks, leveraging lateral movement between on-premise and cloud environments to bypass segmentation. Vulnerabilities in routers, VPNs, and IoT devices create easy access points, particularly when default configurations or outdated firmware are left unaddressed.
The gathering disinformation storm
Adding to the complexity is the global surge in disinformation campaigns. AI-powered influence operations interfered with one-third of major elections worldwide between late 2023 and early 2024.
These campaigns—backed by nation-states like China, Iran, and Russia—blur the lines between cyber warfare and psychological operations, using deepfakes, bot networks, and social engineering to destabilize democratic institutions and sow mistrust.
Under-resourced and overwhelmed
The report also notes a growing sense of urgency among CISOs and security leaders. Many feel under-resourced and overwhelmed, particularly as attacks grow more targeted and regulatory scrutiny intensifies. Despite law enforcement successes, such as the takedowns of LockBit and ALPHV ransomware groups, the broader ecosystem remains resilient. Dozens of new groups have quickly filled the void, adapting operations and accelerating campaigns with alarming speed.
What’s clear is that conventional security strategies are no longer sufficient. The growing volume and velocity of attacks—combined with evolving threat tactics—demand a renewed focus on visibility, detection speed, and incident response readiness. The report recommends a shift toward proactive security models that leverage threat intelligence, AI-driven detection, and cross-domain integration to close critical gaps.
For security practitioners, the message is clear: 2025 isn’t about preparing for the future of cyber threats—it’s about surviving the present.