Cyberattacks continued to rise in 2025. In its LiveSOC Threat Landscape 2025 Report, Inetum reveals that its LiveSOC teams processed 154,601 security alerts and managed 29,886 security incidents worldwide last year. The strongest increases appeared in malicious code incidents (+197%), intrusions (+82%) and confidentiality breaches (+64%). Ransomware also retained its position as one of the most disruptive attack methods, with 8,054 attacks detected in 2025, up from 6,548 the year before. 

Geopolitical tensions and ongoing military conflicts increasingly shaped the cyber threat landscape in 2025. Cyberattacks linked to physical conflicts continued to grow, pushing hybrid warfare activity to record levels. These operations combine cyber sabotage, espionage and disinformation with traditional geopolitical pressure.

“Armed conflicts now translate almost directly into cyber activity,” explains Peter Vandeput, Business Unit Lead Cybersecurity at Inetum Belgium. “Cyber operations serve as a tool to destabilize systems, gather sensitive information and influence public or institutional processes. The targets are rarely random: attackers select countries, institutions and sectors based on their geopolitical relevance. Brussels, for example, attracts more attention due to its role as a hub for European institutions, NATO and international headquarters.”

Threat landscape under pressure

Ransomware also continued its upward trajectory in 2025. After 4,143 attacks in 2023 and 6,548 in 2024, the number rose to 8,054 ransomware attacks in 2025. The United States, the United Kingdom and France remained the most targeted countries worldwide. Belgium ranked tenth, maintaining its position among the countries most exposed to ransomware despite a slight shift (-3 places) in ranking.

Alongside ransomware, Distributed Denial of Service (DDoS) attacks reached historic levels in 2025. Cloudflare reports that 20.5 million DDoS attacks were blocked in the first quarter alone, a 358% increase year-over-year. Inetum detected 15,000 DDoS attacks, with France, the United States, India, Spain and Belgium among the most targeted countries. Government institutions were hit most frequently (1,821 attacks), followed by the transport (299), financial services (291), technology (274) and education (254) sectors.

At the same time, the number of publicly disclosed software vulnerabilities rose by 20% in 2025, increasing from 32,240 in 2024 to 38,502, according to the US National Institute of Standards and Technology (NIST). In addition, 9,674 vulnerabilities were published with a publicly available exploit, meaning attackers could actively use them as entry points. Within this group, high- and critical-risk vulnerabilities accounted for 81% of cases in 2025, up from 73% the year before.

What the threat landscape signals for 2026

So, what does this mean for 2026? The report points to digital identity as a key target for attackers, a trend that also plays out in Belgium, with digital ID cards being introduced from November onwards. Ransomware is expected to remain one of the most lucrative forms of cybercrime, with attackers using double or triple extortion tactics against both public and private organisations.

At the same time, “as-a-service” models continue to lower the barrier for cybercrime, while DDoS attacks are set to increase in both volume and sophistication, driven by IoT botnets and illicit attack services. State-sponsored APT groups are also expected to intensify operations against critical sectors, as cyber activity increasingly follows military and geopolitical developments. Moreover, phishing campaigns will become more targeted and automated through AI, leaving Belgian organisations especially exposed to identity-related attacks and supply-chain risks.

 “Artificial intelligence plays a central role in both attack and defense strategies,” concludes Vandeput. “Attackers already use AI to automate phishing, refine evasion techniques and scale influence operations. Defensive teams must respond with AI-driven detection and automated response, while accepting that risk never fully disappears. Being at the heart of Europe, Belgian organisations will need to increase investments and speed up implementation to fully control and protect their data from foreign actors.”

About Inetum

Inetum is a European leader in digital services. Inetum’s team of 27,000 consultants and specialists strive every day to make a digital impact for businesses, public sector entities and society. Inetum’s solutions aim at contributing to its clients’ performance and innovation as well as the common good. Present in 19 countries with a dense network of sites, Inetum partners with major software publishers to meet the challenges of digital transformation with proximity and flexibility. Driven by its ambition for growth and scale, Inetum generated sales of 2.4 billion euros in 2024. For more information: www.inetum.com

About Inetum LiveSOC

LiveSOC is a state-of-the-art Security Operations Center that provides 24/7 monitoring, detection, and response to cyber threats. At the heart of its services is a robust cyber threat intelligence capability, enabling proactive identification of malicious actors, emerging tactics, and global threat trends. By combining advanced analytics, threat hunting, and real-time intelligence feeds, LiveSOC enables organizations to stay ahead of evolving cyber threats and make informed security decisions. LiveSOC supports customers in multiple regions around the world, providing customized security analytics and operational resilience on a global scale.