
According to BI.ZONE, in 2025 attackers increasingly opted for total destruction of corporate infrastructure rather than encryption.
This refers to scenarios in which, after penetrating a network, attackers use wipers, destructive tools that erase data and can disable network equipment. This approach increases damage and complicates recovery: companies face not only downtime, but also the loss of critical components.
In 2025, retail companies most frequently requested investigations into major cyber incidents, accounting for 31% of all requests. BI.ZONE also notes that the retail sector has become the primary source of data breaches, accounting for nearly 40% of cases.
Common causes include aging IT infrastructure and poor network segmentation, which allow attacks to spread more quickly along the perimeter and impact multiple systems.
The IT sector ranked second in terms of the number of investigations, with a 26% share. Small IT companies are also attractive to attackers, as they often work as contractors for large clients. Consequently, the compromise of a contractor is used as a gateway to more secure infrastructure. BI.ZONE estimates that in 2025, 30% of highly critical incidents were linked to third-party attacks. A year earlier, this percentage was half that, at 15%.
Transportation, telecommunications, and government organizations share third place in terms of the number of investigations, each accounting for 11% of cases. BI.ZONE describes the overall trend as increasing sophistication and destructiveness of attacks, while the underlying motivations remain the same: financial gain remains dominant, and phishing remains the most common method of initial penetration. However, the emphasis shifts year over year: in 2022, defacement and hacktivist campaigns were prominent; in 2023, leaks and mass data dumps; in 2024, active infrastructure encryption; and in 2025, the use of wipers was significantly more frequent.
BI.ZONE also notes an increase in how long attackers remain undetected in the infrastructure. In 2024, the average was 25 days, rising to 42 days in 2025. However, the spread remains wide: the minimum attack development time from penetration to encryption in 2025 was 12.5 minutes, while the maximum was 181 days.
Recovery from such incidents still takes a long time.
In 2025, affected companies took an average of three days to restore critical systems needed to resume business operations. Full business process recovery took an average of 14 days.
