Cyber Threats : A High, Systemic and Sustained Risk

Lire en Français

ANSSI Threat Landscape 2025 : What Does It Mean For SMEs ?

Each year, ANSSI (French Nation­al Cyber­se­cu­ri­ty Agency) pub­lish­es its cyber threat land­scape report whre it ana­lyzes the main trends observed from inci­dents han­dled or report­ed to the agency.

The con­clu­sion of the 2025 edi­tion is clear : “the lev­el of cyber threat remains high, affects every­one, and involves attack­ers who are increas­ing­ly dif­fi­cult to track.”

ANSSI describes a “sys­temic” threat.
This means cyber threat now affects the entire eco­nom­ic and social fab­ric, not just a few tar­get­ed orga­ni­za­tions.

In addi­tion, this cyber threat is no longer tem­po­rary. It is a last­ing trend.

The report also high­lights that attacks are often oppor­tunis­tic.
Cyber­crim­i­nals tar­get many orga­ni­za­tions with­out spe­cif­ic sec­tor focus, although edu­ca­tion and health­care are among the most affect­ed sec­tors in 2025.

As the report is dense and tech­ni­cal, we pro­vide a clear, jar­gon-free overview in this arti­cle. We high­light six key trends with a direct impact on SMEs.
Then, we out­line prac­ti­cal ways to antic­i­pate and respond.

Cyber Threat Developments Directly Impacting SMEs

1. SMEs remain the primary victims of ransomware

Ran­somware (attacks involv­ing a ran­som demand) remains a major threat accord­ing to the report.

Since 2021, SMEs have con­sis­tent­ly been the most affect­ed cat­e­go­ry. In 2025, they rep­re­sent 48% of ran­somware vic­tims — near­ly 1 out of 2.

At the same time, the report high­lights the strong increase in data theft extor­tion.
In this sce­nario, attack­ers do not always block sys­tems.
They sim­ply threat­en to pub­lish stolen data.

As ANSSI reminds, this cre­ates sig­nif­i­cant rep­u­ta­tion­al risk.
It can affect cus­tomer trust and even the company’s sur­vival.

“These data exfil­tra­tions – what­ev­er their nature – and their pub­lic expo­sure cre­ate a sub­stan­tial rep­u­ta­tion­al risk for vic­tims.
They may lose cus­tomer trust or see their eco­nom­ic sur­vival affect­ed.”
— ANSSI Cyber Threat Land­scape 2025

2. AI can accelerate attack capabilities

ANSSI high­lights that gen­er­a­tive AI can act as a force mul­ti­pli­er for attack­ers.

For exam­ple, it can spread dis­in­for­ma­tion at scale, cre­ate fake com­pa­ny or employ­ee pro­files on social media or gen­er­ate more con­vinc­ing phish­ing con­tent.
AI can also be used for vic­tim pro­fil­ing or mal­ware design.

How­ev­er, ANSSI states that these tools are main­ly used as assis­tants today, not as ful­ly autonomous attack sys­tems.

3. Attacks become more stealthy and harder to detect

High­ly vis­i­ble attacks have not dis­ap­peared. But an increas­ing share of com­pro­mis­es is now more stealthy.

Attack­ers increas­ing­ly use legit­i­mate ser­vices — cloud, remote access tools, web ser­vices — to blend into nor­mal traf­fic and avoid detec­tion.
They can stay inside an infor­ma­tion sys­tem for months before exfil­trat­ing data or launch­ing a vis­i­ble attack.

For com­pa­nies, this means some intru­sions may remain unde­tect­ed for long peri­ods, mak­ing threat detec­tion more com­plex.

4. Social engineering techniques are more sophisticated

With AI and increas­ing­ly advanced tech­niques, social engi­neer­ing becomes hard­er to detect.

For exam­ple, the “Click­Fix” tech­nique is ris­ing sharply in 2025.
It tricks employ­ees into exe­cut­ing mali­cious com­mands them­selves, dis­guised as tech­ni­cal mes­sages (e.g. fake captcha).

“With­out requir­ing high tech­ni­cal skills, attack­ers con­tin­ue to exploit human bias­es, notably by rely­ing on the will­ing­ness of tar­get­ed indi­vid­u­als.”
— ANSSI Cyber Threat Land­scape 2025

5. Suppliers are an increasingly exploited entry point

Using a sup­pli­er to reach a tar­get com­pa­ny has been a known method for over ten years.

The 2025 report shows a rise in attacks through sup­pli­ers (ex. Cloud) and IT ser­vice providers with­in the sup­ply chain.

By com­pro­mis­ing a sup­pli­er, attack­ers can access their clients’ sys­tems or data.

For SMEs, this means their secu­ri­ty also depends on the secu­ri­ty lev­el of their providers and sup­pli­ers.

6. Cybersecurity will be a market requirement

ANSSI high­lights that sev­er­al Euro­pean reg­u­la­tions — notably NIS2 and the Cyber Resilience Act (CRA) — aim to raise the over­all cyber­se­cu­ri­ty lev­el.

In the finan­cial sec­tor, DORA (Dig­i­tal Oper­a­tional Resilience Act) is applic­a­ble.

These reg­u­la­tions will also impact many SMEs.
Even when not direct­ly in scope, SMEs will face high­er secu­ri­ty require­ments from clients, con­trac­tors, or part­ners.

How To Anticipate Instead Of React ?

The 2025 report shows one sim­ple real­i­ty.
For SMEs, the ques­tion is no longer whether they may be tar­get­ed.
The ques­tion is whether they are ready to with­stand and recov­er from an inci­dent.

In oth­er words, SMEs can­not focus only on pre­vent­ing attacks.
They must also be ready to respond and con­tin­ue oper­at­ing if an attack occurs.

We struc­ture this approach around four key stages of cyber resilience : iden­ti­fy, secure, pre­pare, reme­di­ate.

1. Identify weaknesses before attackers do

The report shows that secu­ri­ty can­not rely only on tech­ni­cal tools.

Attack­ers also exploit orga­ni­za­tion­al weak­ness­es, human errors or poor­ly man­aged depen­den­cies.

For SMEs, this calls for a glob­al secu­ri­ty assess­ment cov­er­ing tech­ni­cal, orga­ni­za­tion­al, and third-par­ty aspects.

2. Secure : people and technology

Since attack­ers exploit both tech­ni­cal vul­ner­a­bil­i­ties and human behav­ior, cyber­se­cu­ri­ty must address both :

  • Tech­ni­cal : secure access to sys­tems and main­tain appro­pri­ate pro­tec­tion lev­els
  • Orga­ni­za­tion­al : raise employ­ee aware­ness, as attack­ers often rely on deceiv­ing users

3. Prepare : governance and documentation

The 2025 trends con­firm that a cyber­at­tack is not just a tech­ni­cal issue.

It can stop oper­a­tions : pro­duc­tion halt­ed, employ­ees inac­tive, cus­tomer trust lost.
This makes cyber­se­cu­ri­ty a lead­er­ship issue.

It becomes part of cor­po­rate gov­er­nance, fur­ther rein­forced by new reg­u­la­tions.

ANSSI also stress­es that pre­pared­ness is crit­i­cal.
This depends not only on tech­nol­o­gy, but on clear inter­nal orga­ni­za­tion.

Even for SMEs, this means hav­ing :

  • Cyber­se­cu­ri­ty gov­er­nance : set pri­or­i­ties, super­vise projects, define roles and respon­si­bil­i­ties
  • Doc­u­ment­ed con­ti­nu­ity plans : pro­ce­dures to avoid impro­vi­sa­tion when sys­tems are unavail­able

4. Remediate : manage the consequences of an attack

ANSSI reminds that reme­di­a­tion — clean­ing a sys­tem after an attack — is com­plex.

It requires iden­ti­fy­ing and remov­ing all attack­er access points to pre­vent re-entry through a back­door.

This phase often requires spe­cial­ized exper­tise and depends heav­i­ly on pri­or prepa­ra­tion.

In summary

In a con­text of per­sis­tent­ly high cyber threat, cyber­se­cu­ri­ty for SMEs is no longer just a tech­ni­cal mat­ter.

It becomes a con­di­tion for busi­ness con­ti­nu­ity in an envi­ron­ment where attacks con­tin­ue to rise.

For busi­ness lead­ers, the ques­tion is now strate­gic.
How will the com­pa­ny con­tin­ue oper­at­ing if an attack occurs ?

This real­i­ty also comes with rapid­ly strength­en­ing Euro­pean reg­u­la­tion that also affects SMEs.

In our next arti­cles, we will ana­lyze what these reg­u­la­tions con­crete­ly change for SMEs.    

Author
Lai Ly
SME Cyber­se­cu­ri­ty Gov­er­nance Spe­cial­ist
Finan­cial Ser­vices sec­tor Spe­cial­ist

Con­tribu­teur
Stéphane Hivert
SME Cyber­se­cu­ri­ty Spe­cial­ist
E‑commerce, Indus­tri­al sec­tor Spe­cial­ist

Do not let cyber threats decide the future of your business.

Resilience is about ensur­ing your busi­ness keeps run­ning.

At LINARIS, we are hands-on prac­ti­tion­ers who help SME lead­ers under­stand their cyber risks and struc­ture their resilience before an inci­dent occurs.

A first con­fi­den­tial dis­cus­sion often helps iden­ti­fy pri­or­i­ties.


[Con­tact us]

Disclaimer

This report is pro­vid­ed for infor­ma­tion­al pur­pos­es only and reflects the author’s opin­ion at the time of analy­sis.
It does not con­sti­tute legal or reg­u­la­to­ry advice and does not guar­an­tee the absence of risks or vul­ner­a­bil­i­ties.
Threats and risk lev­els may evolve over time.
Any deci­sions tak­en on the basis of this report remain the sole respon­si­bil­i­ty of the read­er.

Similar Posts