Cyber threats are growing faster and more sophisticated than ever before. Microsoft’s Digital Defence Report 2025 outlines a world where artificial intelligence, identity compromise and supply chain vulnerabilities are reshaping how organisations must think about security.
For UK organisations, one message comes through clearly: cyber risk is business risk and resilience must be built into every layer of operations.
At OryxAlign, we’ve analysed Microsoft’s latest findings to highlight what matters most for security leaders and how intelligent, proactive defence can help organisations stay ahead.
AI is redefining both attack and defence. Microsoft observed that adversaries are increasingly leveraging AI to automate phishing and discover vulnerabilities, making their attacks more sophisticated and harder to detect.
Identity-based attacks rose by 32% in the first half of 2025, which reflects the use of AI-crafted lures to compromise credentials. Meanwhile, 28% of breaches began with phishing or social engineering, 18% exploited unpatched assets and 12% leveraged exposed remote services.
But AI is also transforming how defenders operate. Microsoft themselves use AI to analyse trillions of signals daily, validate detections, automate remediation and identify emerging campaigns before they escalate.
Find out more about the role of AI in cybersecurity, its applications, challenges and the future of AI-powered threat protection: https://www.oryxalign.com/blog/the-double-edged-sword-of-ai-in-cybersecurity
As Microsoft notes, “adversaries aren’t breaking in – they’re logging in.” Compromised credentials have become the most common path to breach, enabling ransomware, data theft and extortion.
Phishing-resistant multi-factor authentication (MFA) remains one of the most effective defences, blocking over 99% of unauthorised access attempts. However, adoption remains inconsistent across industries.
This year also saw a rise in supply chain attacks, where trusted vendors or cloud connectors become the entry point for compromise. Protecting these extended networks demands continuous verification, least-privilege access and a zero-trust mindset applied end-to-end.
Microsoft’s global telemetry spans more than 100 trillion daily data points and highlights just how widespread the threat landscape has become.
The United States and United Kingdom remain among the most frequently targeted nations. Over half of all attacks are financially motivated, while only 4% are driven by espionage. Data exfiltration now occurs in 80% of breaches, and destructive actions in the cloud have risen by 87% year on year.
High-value sectors such as government, IT and academia remain primary targets due to their sensitive data and legacy infrastructure. But smaller enterprises are far from immune – particularly those with hybrid environments or under-resourced security operations.
Resilience is not just the ability to recover, but the ability to anticipate, absorb and adapt in the face of disruption.
Microsoft’s findings reinforce a simple truth: cyber risk is business risk. Security should be a boardroom topic, with measurable KPIs tied to regular security exercises and cross-functional collaboration across teams.
Embedding resilience by design means building it into every layer of infrastructure, from endpoint and cloud to identity and operations, which can ensure business continuity even under sustained attack.
Microsoft’s intelligence highlights three key emerging trends:
Meanwhile, the financial motive behind attacks remains strong: over 50% of cyber incidents had extortion or ransom objectives, and 80% of reactive engagements observed data exfiltration. Cloud environments are also under growing strain, with an 87% rise in destructive attacks targeting Azure and over 40% of ransomware incidents now affecting hybrid systems.
These findings underscore the need for visibility, trust, and continuous verification, which are principles embedded in OryxAlign’s zero-trust and third-party risk management practices.
Microsoft’s 2025 report closes with ten clear imperatives for business and technology leaders. Below is how these priorities align with OryxAlign’s approach to building secure, adaptive environments:
| Microsoft's Guidance | OryxAlign's Approach |
| --- | --- |
| Manage cyber risk at the board level | Executive-level reporting and governance frameworks that embed cyber risk into strategic planning |
| Prioritise protecting identities | Identity Access Management with phishing-resistant MFA and privileged access controls |
| Invest in people, not just tools | Security awareness, leadership training, and simulated phishing exercises to build human resilience |
| Defend your perimeter | Continuous vulnerability scanning and patch management to close external exposures |
| Know your weaknesses and pre-plan for breach | Red-team testing, incident response simulations, and recovery planning |
| Map and monitor cloud assets | Cloud Security Posture Management (CSPM) for compliance, visibility, and control |
| Build and train for resiliency | End-to-end continuity planning and hands-on recovery testing |
| Participate in intelligence sharing | Access to live threat intelligence feeds through Microsoft partnerships |
| Prepare for regulatory change | Advisory and compliance readiness for evolving data protection standards |
| Begin AI and quantum risk planning now | Strategic consulting on AI governance and quantum-safe encryption |
The 2025 Digital Defence Report makes one thing clear: cybersecurity has become an economic and societal issue, not just a technical one.
In an age of AI-enhanced threats and global interconnection, the organisations that thrive will be those that think strategically about cyber resilience, not as an isolated function, but as part of their core business DNA.
To learn more about how we can help you and your organisation build a resilient strategy against cyber-attacks, visit https://www.oryxalign.com/cyber or email us at hello@oryxalign.com.