What CLUSIT, ENISA, and DBIR Reveal About the New Threat Landscape

On November 5th, the latest CLUSIT Report was released, confirming the global cyber threat trends already outlined in ENISA’s Threat Landscape 2025 and Verizon’s Data Breach Investigations Report (DBIR). Together, they provide a unified picture: the attack surface is expanding, and the only sustainable defense is systemic cyber resilience built on strong data protection and secure file-sharing strategies.

A Converging Threat Landscape: Supply Chain Under Siege

All three reports highlight the dramatic surge in supply chain breaches.

The CLUSIT Report notes that many organizations are being targeted precisely because of their dependence on specific technologies or vendors. Verizon’s DBIR confirms a doubling of third-party data breaches, now accounting for 30% of all incidents, while ENISA identifies supply chain attacks as a growing systemic threat (10.6% of all reported incidents).

This convergence makes one thing clear: interconnected ecosystems have become the new frontier of digital vulnerability, and third-party risk management must now be an integral part of every organization’s cybersecurity strategy.

Ransomware Still Reigns as the Most Profitable Attack Vector

Ransomware remains the most significant and lucrative cyber threat in 2025.

CLUSIT attributes 34% of all incidents in the first half of the year to malware, with ransomware dominating the scene due to its high financial yield.

 

 

Verizon reports a 37% increase in ransomware attacks, now present in 44% of data breaches, while ENISA documents an even more alarming 83.5% share of ransomware-related threats.

 

 

Small and medium-sized businesses (SMBs) are disproportionately affected – according to Verizon, ransomware is involved in 88% of SMB breaches, confirming their status as prime targets for cybercriminals.

 

The Most Targeted Sectors: Manufacturing, Government, and Healthcare

CLUSIT records a sharp rise in multi-target attacks (20.8%), followed by Government, Military, and Law Enforcement (14.1%), Healthcare (12.2%), Manufacturing (7.7%), and Finance (6%).

 

ENISA identifies digital infrastructure and critical services (13.7%) as top targets, followed by manufacturing (13.26%) and business services (9.7%), while Verizon ranks manufacturing (17%) first, ahead of professional services (15%), healthcare, and retail.

 

 

The manufacturing sector is under particular pressure, with ENISA noting a sharp rise in Operational Technology (OT) attacks, now representing 18.2% of all identified threat categories.

New malware strains like VoltRuptor-designed specifically for industrial control systems and now available on the dark web-mark a dangerous democratization of advanced attack capabilities.

This trend is confirmed by Verizon’s data, which show 1,607 confirmed incidents in the manufacturing sector—nearly double the 849 cases reported the previous year.
Equally alarming is the rise of cyber espionage, which increased from 3% to 20% of all breaches within the sector.
Meanwhile, the CLUSIT Report confirms that cybercrime remains the primary threat to manufacturing, accounting for over 94% of all recorded cases.

 

 

AI: A Double-Edged Sword in Cybersecurity

Both ENISA and Verizon highlight the dual nature of Artificial Intelligence.

ENISA estimates that over 80% of social engineering attacks now leverage AI-generated content, while Verizon reports that 15% of employees access generative AI platforms (GenAI) on corporate devices-often using non-corporate email accounts (72%), creating a growing “Shadow AI” risk.

AI simultaneously amplifies phishing, deepfakes, and malware creation while exposing sensitive data through uncontrolled use of GenAI tools.

Organizations urgently need clear AI usage policies and zero trust controls that prevent unauthorized access and data leaks from unregulated AI systems.

The Human Factor: Still the Weakest Link

Technology evolves, but human error remains the leading cause of data breaches.

ENISA attributes 60% of intrusion vectors to phishing, while Verizon highlights ransomware (44%), stolen credentials (32%), and vulnerability exploitation (18%) as the primary initial attack vectors.

This underscores the critical importance of security awareness training, multi-factor authentication (MFA), and endpoint protection to prevent data loss caused by human behavior.

 

The Regulatory Response: Europe Leads with a Security-by-Design Approach

The European regulatory framework continues to evolve toward resilience and accountability.

The Cyber Resilience Act enforces mandatory security requirements for digital products, embedding security by design, while the Cyber Solidarity Act enhances cross-border response coordination.

Meanwhile, the NIS2 Directive and DORA Regulation set new standards for critical infrastructure protection, incident reporting, and data integrity in financial and operational ecosystems.

ENISA’s operational role-coordinating CSIRTs and harmonized taxonomies-ensures that regulation translates into practical resilience.

 

Building Systemic Cyber Resilience: From Prevention to Continuity

True cyber resilience is no longer just about preventing attacks. It’s about the ability to absorb, recover, and learn from them.

Organizations must evolve toward integrated, multi-layered defense strategies that include:

• Segmentation of OT and IT networks to isolate critical systems
• Continuous vulnerability management and rapid patching
• Third-party security audits and continuous vendor risk assessment
• Advanced employee training to counter AI-powered social engineering
• Zero Trust architectures that verify every access attempt
• End-to-end data encryption, both in transit and at rest
• Data Loss Prevention (DLP) solutions that prevent accidental or malicious data leaks and ensure compliance with NIS2 and DORA

 

Conclusion: From Compliance to Cyber Resilience

The combined findings of CLUSIT, ENISA, and Verizon DBIR 2025 reveal a rapidly evolving threat landscape driven by state actors, cybercriminals, and hacktivists alike.

The response must be systemic-blending advanced technology, regulatory compliance, and public-private collaboration.

Europe’s governance model offers a forward-looking blueprint for data protection and secure file sharing, but its success depends on operational execution.

In a world where data is the backbone of sovereignty, data protection is no longer a technical choice-it’s a strategic imperative.