Germany is facing more cyberattacks than any other European Union member, according to the Microsoft Digital Defense Report 2025, released by the tech giant’s headquarters in Redmond, Washington.
Between January and June 2025, about 3.3% of all cyberattacks worldwide were directed at German targets — from corporations and public institutions to private users. While that share may appear small, it still makes Germany the fourth most targeted country in the world.
Global ranking: the U.S. leads, Germany fourth
The United States remains the top global target, absorbing nearly one in four cyberattacks (24.8%). The United Kingdom follows with 5.8%, and Israel ranks third with 3.5%.
Behind Germany are Ukraine (2.8%), Canada and Japan (2.6%), India (2.3%), the United Arab Emirates (2.0%), and Australia and Taiwan with 1.8% each.
Microsoft’s analysis indicates that financial motives now outweigh espionage.
More than half of all recorded cyberattacks (52%) in the first half of 2025 involved ransomware, where attackers encrypt data and demand payment for decryption.
Only 4% were purely espionage-related operations.
“State-sponsored threats remain serious and persistent,” a Microsoft spokesperson said. “But the vast majority of attacks companies face today come from ordinary criminals driven by profit.”
State-linked hacker networks behind most sophisticated threats
According to the report, the highest-risk actors originate from Russia, China, North Korea, and Iran.
Russia primarily deploys hacker groups for military and political disruption, targeting Ukraine and NATO members.
North Korea and Iran, by contrast, use ransomware as a state revenue source, funneling stolen funds back into government programs.
A particularly concerning finding: Microsoft estimates that thousands of North Korean IT experts are secretly employed by Western companies through remote work arrangements.
“This hidden workforce sends hundreds of millions of dollars annually back to North Korea,” the report states.
“When discovered, some of these workers turn to digital extortion as an additional means of generating income for the regime.”
Phishing still dominates everyday cybercrime
Most conventional attacks still rely on phishing tactics — fake emails or login pages designed to steal user credentials. Once credentials are compromised, attackers can access business networks or private accounts.
Microsoft stresses that one simple security measure could prevent nearly all such attacks: multi-factor authentication (MFA).
The company’s data shows that 99.9% of credential-based attacks could be blocked with MFA enabled.
MFA requires users to verify their identity through a second factor, such as an SMS code, an app confirmation, or biometric data (fingerprint or face scan).
Even if hackers obtain a password, they cannot access the account without the additional step.
Outlook: awareness still the biggest defense gap
Experts warn that while cyber threats continue to grow in sophistication, basic protection habits remain insufficient among many users and small businesses.
With Germany ranking as the EU’s primary hacker target, cybersecurity awareness and the adoption of MFA could be the country’s most effective digital shield.
