Security Navigator 2025 report reveals 50% increase in attacks targeting healthcare sector, 53% rise in incidents targeting SMEs

(Image: Supplied)
(Image: Supplied)

Orange Cyberdefense has released its Security Navigator 2025 report equipping security professionals with valuable insights into the cyber threat landscape and enabling organisations to strengthen their resilience in the face of cyber risks.

The annual report, now in its sixth edition, draws on the vast intelligence capabilities of Orange Cyberdefense to bring together research and data from across more than 135 000 security events in 160 countries, 1 300 000 security vulnerabilities and 13 308 investigated cases of cyber extortion since 2020, including 4 200 in the last 12 months.

In addition, the data comes out of their 32 operational security centres and epidemiological labs around the globe, where Orange Cyberdefense’s researchers have uncovered a year’s worth of cyber crime activities.

The report provides security leaders with the data needed to initiate important conversations within their organisations around their security strategies.

Click here to download a copy of the report.

Here are a few key findings from this year’s report:

Cyber extortion’s rising toll on small and medium businesses

A 53% YOY rise in incidents targeting small businesses has been reported in the Security Navigator. (Image: Supplied)
A 53% YOY rise in incidents targeting small businesses has been reported in the Security Navigator. (Image: Supplied)

The report highlights a worrying increase in cyber extortion impacting SMEs, with a 53% YOY rise in incidents targeting small businesses. The compounding effect of ‘re-victimisation’ – where stolen data is re-used in multiple extortion campaigns – further amplifies these organisations’ financial and psychological toll. SMEs now account for over two-thirds of all observed cyber extortion victims.

Critically, SMEs' cyber security may also impact large organisations. An incident at a small player can lead to a cascade of disruptions throughout the chain.

The Security Navigator 2025 also suggests that the traditional approaches to ‘vulnerability management’ are no longer fit for purpose, due to the large number of vulnerabilities security teams must handle, which takes them away from more meaningful work that would prevent a successful attack. This is especially true for smaller SME teams.

Increased aggression against healthcare and beyond

Cyber extortion industry comparisons – graph from the latest Security Navigator report. (Image: Supplied)
Cyber extortion industry comparisons – graph from the latest Security Navigator report. (Image: Supplied)

As cyber extortion continues to increase globally, the report notes that it’s also becoming increasingly ‘cynical’. This year, there has been a 50% YOY increase in attacks targeting the healthcare and social assistance sector, ranking it as the fourth most impacted industry. Sub-sectors such as ambulatory healthcare and hospitals are now being frequently targeted, which points to a further erosion of the ‘moral’ restraints that previously protected these sectors.

Other sectors have also experienced a marked rise in Cy-X attacks this year. The top three most impacted industries have all seen significant increases: +25% for manufacturing, +20% for professional, scientific and technical services, and +65% for wholesale trade.

AI: A double-edged sword in cyber security

The Security Navigator 2025 also highlights AI as a powerful yet complex tool, with both defensive and offensive cyber security applications reshaping threat dynamics. Threat actors, including state-sponsored actors from countries such as China, Russia and Iran, are leveraging GenAI to create realistic phishing content, fake images and deepfakes to deceive large audiences, which is supporting their deployment of ‘cognitive attacks’.

On the defensive side, the report found that AI is beneficial for detecting hard-to-identify threats. AI-driven systems have improved detection rates for advanced threats like ‘beaconing’ – a tactic where malware sends subtle, periodic signals to command-and-control servers – reducing incident response times by up to 30% as organisations use AI to identify and intercept these signals before damage can escalate​. However, the report also warns about vulnerabilities in GenAI solutions and urges business to implement strict access rights to sensitive data and systems, ensure isolation between tenants, and educate users about the risk of data leaks in prompts.

Charl van der Walt, Head of Security Research at Orange Cyberdefense, said:The story in this year’s report is far bigger than statistics and technical details. It shines a light on a growing cynicism in the threat landscape as different threat actors seem less concerned about the potential of causing harm, and may even be more intent on inflicting it than ever before.”

Click here to download a copy of the report.

Share

Editorial contacts

Dillon Bensusan
Orange Cyberdefense South Africa Marketing and Communications Manager
(+27) 83 607 5264
dillon.bensusan@orangecyberdefense.com