One of the report’s key messages is that the digital threat ecosystem has reached a worrying level of maturity. These are no longer isolated or sporadic attacks, but continuous, diversified, and often coordinated campaigns. While they may not always cause immediate large-scale damage, these actions steadily erode organizational resilience.
Attackers are acting faster than ever, exploiting known vulnerabilities within days and operating through increasingly professionalized criminal business models. In this context, basic prevention measures and user awareness are just as critical as advanced technological solutions.
Social engineering remains the primary entry point
ENISA’s report confirms that phishing and other social engineering techniques continue to be the main entry point for digital attacks. Approximately 60% of the incidents analyzed originated from deception targeting people rather than purely technical failures.
Fraudulent emails, fake messages, and websites designed to appear legitimate remain effective tools because they exploit the human factor. In many cases, the goal is not only to steal credentials, but also to enable later access to corporate systems or deploy malicious software.
This highlights a key reality: cybersecurity depends not only on technology, but also on training, organizational culture, and the ability to recognize everyday risks.
Ransomware and digital extortion: a persistent threat
Among the most serious incidents, ransomware continues to play a central role. These attacks, which lock systems or steal information to demand payment, have become one of the main tools of cybercrime.
The report notes that criminal groups have adapted their strategies in response to European law enforcement actions, decentralizing operations and adopting models such as ransomware-as-a-service. This has lowered entry barriers for new actors and multiplied the number of active campaigns.
For companies, the impact goes far beyond financial losses: operational disruptions, loss of customer trust, reputational damage, and potential regulatory penalties are all part of the real cost of these incidents.
Digital dependencies and the supply chain: a shared risk
Another notable trend is the rise in attacks targeting suppliers and external services. Organizations are no longer attacked solely through direct means, but also via their digital dependencies, including software providers, cloud services, browser extensions, or code repositories.
As highlighted in the report, this type of incident amplifies the impact of attacks, since a single compromised provider can simultaneously affect multiple organizations.
For businesses, this reinforces the need to assess not only their own security posture, but also the security of their entire digital ecosystem.
Mobile devices: an increasingly attractive target
Mobile phones and other portable devices have become one of the primary targets for attackers. According to the report, threats aimed at mobile devices represent the largest share of the identified risks.
Malicious applications, spyware, and mobile-based financial fraud demonstrate that these devices are no longer a secondary complement, but a central element of daily digital activity. For organizations, this requires rethinking usage policies, access controls, and information protection beyond the traditional office environment.
Artificial intelligence: between opportunity and risk
Artificial intelligence has become a cross-cutting element of the threat landscape. The report indicates that a large proportion of social engineering campaigns already use AI tools to create more credible, personalized, and harder-to-detect messages.
More advanced malicious uses are also emerging, such as the creation of fake identities, automated fraud, or digital content manipulation. At the same time, AI systems themselves are becoming new targets, further expanding the attack surface.
This scenario presents a dual challenge: leveraging the potential of AI to enhance security while not underestimating the risks associated with its misuse.
Most affected sectors: uneven exposure
The report identifies certain sectors as particularly exposed. Public administration tops the list, followed by transport, digital infrastructure, the financial sector, and manufacturing.
In many cases, attacks aim to generate social impact, service disruptions, or media visibility. In others, the objective is the theft of sensitive information or financial gain. This diversity of motivations demonstrates that no organization, regardless of size or sector, is completely risk-free.
A call to action: prevention, training, and resilience
The landscape outlined by ENISA leads to a clear conclusion: cybersecurity must be addressed as a continuous process, not as a one-time solution. The combination of technical measures, staff training, risk management, and incident response planning is essential to reduce the impact of evolving threats.
Source: ENISA. (2025). Threat Landscape 2025. European Union Agency for Cybersecurity.