CANCOM Cyber Security Report 2025: Digital resilience as the key to future security
- Strategies & technologies against complex attacks.
- The report sheds light on the influence of AI on attack and defense strategies, presents CANCOM's commitment to quantum cryptography and provides guidance on the implementation of regulatory requirements such as NIS2 and DORA.
With the publication of the Cyber Security Report 2025, CANCOM once again presents a comprehensive analysis of the current threat situation and security strategies in the digital space. The annual report highlights the most important developments in the field of cyber security and shows how companies can strengthen their digital resilience - a topic that is becoming increasingly important in the face of growing threats from ransomware, social engineering and attacks on supply chains.
Almost all aspects of our economic, social, political and private lives are related to cyber security in some way. According to the Allianz Global Risk Barometer, cyber incidents are among the biggest business risks worldwide at 36 percent - at the same time, according to a Munich Re study not sufficiently protected. "Cybersecurity is one of the most important key factors for strong business performance and future security," emphasizes Jochen Borenich, CEO of CANCOM Austria, in the foreword to the report.
Top topics in 2025: Adversary evolution, Big 4 and zero days
The report identifies several key threat areas: the increasing professionalization of attackers, the so-called "adversary evolution", the vulnerability of global supply chains and the growing sophistication of social manipulation techniques.
In addition to these threats, the report also analyzes the activities of the so-called Big 4 - China, Russia, Iran and North Korea - as well as the increasing danger of zero-day attacks, which often remain undetected and are used specifically by state actors.
A key conclusion of the report: ransomware is and remains the number one threat. The attacks are not only becoming more frequent, but also more complex - with attempts at extortion that operate on several levels simultaneously: from data encryption and data theft to DDoS attacks and targeted contact with third parties. Artificial intelligence (AI) is increasingly acting as an accelerator of these developments: AI-based technologies enable automated attack patterns, deceptively real deepfakes and highly personalized phishing campaigns.
The report also focuses on the use of AI and LLMs in cybersecurity. It shows which LLM models attackers use and how companies can minimize risks through data validation and targeted segmentation.
AI both an opportunity and a risk for cybersecurity
However, AI also opens up new opportunities for defense - for example through anomaly detection, threat intelligence and automated responses. The question is no longer whether AI plays a role in cyber security - but how it is used responsibly, efficiently and strategically. Another key topic of the report is therefore the use of AI and machine learning (ML) in cyber security. While attackers are increasingly relying on generative AI, CANCOM uses ML-based technologies to detect and defend against threats at an early stage. "Data quality, validation and transparency are crucial to using AI safely and effectively," explains Erwin Friedl, Principal Cyber Security Analyst at CANCOM.
Holistic security strategies against current threat scenarios
In addition to analyzing the current threat situation, the report also shows specific practical strategies on how companies can counter current and future risks: For example, how companies can secure their IT and OT infrastructures holistically with the so-called 4+1 strategy (Prevent, Protect, Detect, Respond + Recover). But also how the Security Operations Center and the interaction between Red and Blue Teams - the so-called PURPLE Team - contribute to this.
Quantum cryptography and NIS2: a look into the future
CANCOM is also contributing its network and security expertise to research into quantum cryptography and is working on the encryption of data transfers as part of the EU QCI-CAT project. At the same time, the company supports its customers in implementing regulatory requirements such as the NIS2 directive. Interested parties can also find valuable assistance on this in the Cyber Security Report.
Practical examples and voices from the business world
The report contains numerous best practices and interviews - including with ORF, ZARGES and SPAR ICS - which show how companies are working with CANCOM to strengthen their security architecture. The key finding: the more sophisticated the attacks, the more intelligent and forward-looking the defense strategies need to be.
The CANCOM Cyber Security Report 2025 is aimed at companies throughout the DACH region and takes into account both national and European developments - from regulatory requirements such as NIS2 and DORA to industry-specific challenges in industry, healthcare and the public sector. The complete CANCOM Cyber Security Report 2025 is now available for download at: www.cancom.at/it-security