Cyber threats: high, systemic and sustained risk


ANSSI Threat Landscape 2025: what does it mean for SMEs?

Each year, ANSSI (French National Cybersecurity Agency) publishes its cyber threat landscape report. It analyzes the main trends observed from incidents handled or reported to it.

The conclusion of the 2025 edition is clear:
“the level of cyber threat remains high, affects everyone, and involves attackers who are increasingly difficult to track.”

ANSSI describes a “systemic” threat. This means it now affects the entire economic and social fabric, not just a few targeted organizations.

This cyber threat is no longer temporary. It is a lasting trend.

Attacks are often opportunistic. Cybercriminals target many organizations without a specific sector focus, although education and healthcare are among the most affected sectors in 2025.

The report is dense and technical. Here is a clear, jargon-free reading: six key trends with a direct impact on SMEs, followed by practical ways to anticipate and respond.

Cyber threat developments directly impacting SMEs

1. SMEs remain the primary victims of ransomware

Ransomware (attacks involving a ransom demand) remains a major threat according to the report.

Since 2021, SMEs have consistently been the most affected category. In 2025, they represent 48% of ransomware victims — nearly 1 out of 2.

At the same time, the report highlights a strong increase in data-theft extortion. In this scenario, attackers do not always block systems. They simply threaten to publish stolen data.

As ANSSI points out, this creates significant reputational risk. It can affect customer trust and even the company’s survival.

“These data exfiltrations – whatever their nature – and their public exposure create a substantial reputational risk for victims.
They may lose customer trust or see their economic survival affected.”
— ANSSI Cyber Threat Landscape 2025

2. AI can accelerate attack capabilities

ANSSI highlights that generative AI can act as a force multiplier for attackers.

For example, it can spread disinformation at scale, create fake company or employee profiles on social media, or generate more convincing phishing content.

AI can also be used for victim profiling or malware design.

However, ANSSI states that these tools are mainly used as assistants today, not as fully autonomous attack systems.

3. Attacks are becoming more discreet and harder to detect

Highly visible attacks have not disappeared. But an increasing share of compromises is now more discreet.

Attackers increasingly use legitimate services — cloud, remote access tools, web services — to blend into normal traffic and avoid detection.

They can stay inside an information system for months before exfiltrating data or launching a visible attack.

For companies, this means some intrusions may remain undetected for long periods, making threat detection more complex.

4. Social engineering techniques are becoming more sophisticated

With AI and increasingly advanced techniques, social engineering becomes harder to detect.

For example, the “ClickFix” technique is rising sharply in 2025. It tricks employees into executing malicious commands themselves, with the request disguised as a technical message (e.g. a fake CAPTCHA).

“Without requiring high technical skills, attackers continue to exploit human biases, notably by relying on the willingness of targeted individuals.”
— ANSSI Cyber Threat Landscape 2025

5. Suppliers are a key entry point for attackers

Using a supplier to reach a target company has been a known method for over ten years.

The 2025 report shows a rise in attacks through suppliers (e.g. cloud providers) and IT service providers within the supply chain.

By compromising a supplier, attackers can access their clients’ systems or data.

For SMEs, this means their security also depends on the security level of their providers and suppliers.

6. Cybersecurity will become a market requirement

ANSSI highlights that several European regulations — notably NIS2 and the Cyber Resilience Act (CRA) — aim to raise the overall cybersecurity level.

In the financial sector, DORA (Digital Operational Resilience Act) is applicable.

These regulations will also impact many SMEs. Even when not directly in scope, SMEs will face higher security requirements from clients, contractors, or partners.

How to anticipate instead of react?

The 2025 report shows one simple reality:

For SMEs, the question is no longer whether they may be targeted.
The question is whether they are ready to withstand and recover from an incident.

In other words, SMEs cannot focus only on preventing attacks.
They must also be ready to respond and continue operating if an attack occurs.

We structure this approach around four key stages of cyber resilience: identify, secure, prepare, remediate.

1. Identify weaknesses before attackers do

The report shows that security cannot rely only on technical tools.

Attackers also exploit organizational weaknesses, human errors or poorly managed dependencies.

For SMEs, this calls for a global security assessment covering technical, organizational, and third-party aspects.

2. Secure: people and technology

Since attackers exploit both technical vulnerabilities and human behavior, security must address both:

  • Technical: secure system access and maintain an adequate protection level
  • Organizational: raise employee awareness, as attackers often rely on deceiving users

3. Prepare: governance and documentation

The 2025 trends confirm that a cyberattack is not just a technical issue.

It can stop operations: production halted, employees inactive, customer trust lost.
This makes cybersecurity a leadership issue.

It becomes part of corporate governance, further reinforced by new regulations.

ANSSI also stresses that preparedness is critical. It depends not only on technology, but on clear internal organization.

Even for SMEs, this means having:

  • Cybersecurity governance: set priorities, supervise projects, define roles and responsibilities
  • Documented continuity plans: procedures to avoid improvisation when systems are unavailable

4. Remediate: manage the consequences of an attack

ANSSI points out that remediation — cleaning a system after an attack — is complex.

It requires identifying and removing all attacker access points to prevent re-entry through a backdoor.

This phase often requires specialized expertise and depends heavily on prior preparation.

In summary

In a context of persistently high cyber threat, cybersecurity for SMEs is no longer just a technical matter.

It becomes a condition for business continuity in an environment where attacks continue to rise.

For business leaders, the question is now strategic:
How will the company continue operating if an attack occurs?

This reality also comes with rapidly strengthening European regulation.

In our next articles, we will analyze what these regulations concretely change for SMEs.    

Author
Lai Ly
Cybersecurity Governance Specialist
Financial Services sector Specialist

Contributor
Stéphane Hivert
SME Cybersecurity Specialist
E-commerce, Industrial sector Specialist

Do not let cyber threats decide the future of your business.

Resilience is about ensuring your business keeps running.

At LINARIS, we are hands-on practitioners who help SME leaders understand their cyber risks and structure their resilience before an incident occurs.

A first confidential discussion often helps identify priorities.

