Blog / Cybercrime in 2025: What Businesses Can Learn from Germany's BKA Report

2026-06-10

Cyberattacks are no longer the exception. They have become part of the everyday threat landscape for businesses, organizations, and public institutions. This is also evident in the latest report from Germany’s Federal Criminal Police Office (Bundeskriminalamt, or BKA), its “Federal Cybercrime Situation Report 2025.” While the report focuses on Germany, the trends it describes are playing out internationally: cybercrime is becoming more professional, scalable, and potentially more damaging for those affected. Ransomware, data extortion, phishing, and the misuse of artificial intelligence are particularly defining the current landscape.

This raises a key question for companies: How can sensitive data be protected when attacks are increasingly targeting not just systems, but the information itself?

Cybercrime in 2025: What Businesses Can Learn from Germany's BKA Report

Cybercrime Remains at High Levels

The Federal Situation Report shows that cybercrime continues to pose a significant threat in Germany. For the year 2025, the Federal Criminal Police Office (BKA) reports a total of 333,922 cybercrime cases when domestic and foreign offenses are considered together. It is particularly noteworthy that foreign offenses, at 207,888 cases, significantly outnumber domestic offenses. This illustrates the extent to which cyberattacks are organized across borders and how difficult it can be to prosecute them under criminal law.

The economic damage is also enormous. According to the Bitkom survey cited in the report, cyberattacks caused damage to the German economy amounting to approximately 202.4 billion euros. This means that cyberattacks account for a significant portion of the total losses incurred by companies due to theft, espionage, and sabotage.

These figures show that cybersecurity is not just an IT issue. It affects the entire organization—from management and the IT department to specialized departments that work with sensitive data on a daily basis.

Ransomware Remains a Major Threat

Ransomware remains one of the greatest threats. The BKA continues to describe attacks involving encryption trojans as a major threat to businesses and public institutions. In 2025, 1,041 ransomware attacks were reported across Germany—an increase of about ten percent compared to the previous year.

It is particularly striking that the majority of these attacks target organizations: According to the report, around 96 percent of ransomware attacks targeted companies, organizations, and institutions. About 90 percent were directed at small and medium-sized enterprises.

This is an important point. Cybercriminals do not only attack large corporations with massive IT budgets. Small and medium-sized organizations, in particular, are increasingly being targeted because they often possess valuable data but do not always have the resources for complex security architectures.

Typical examples include:

  • Customer data
  • Contract documents
  • Financial data
  • Research data
  • Personnel files
  • Internal strategy and project documents
  • Sensitive data from clients, patients, members, or partner organizations

Such information is particularly valuable to attackers. And that is precisely why it is no longer enough to simply secure systems. The data itself must also be protected.

From Ransomware to Double Extortion

In the past, ransomware primarily focused on encrypting systems. Attackers blocked access to files and demanded a ransom for their restoration. Today, this model has become significantly more dangerous.

The BKA points out that a large proportion of ransomware attacks can be attributed to the “double extortion” modus operandi. In this scenario, attackers not only encrypt systems but also copy data from the affected environment beforehand. They then threaten to publish or sell this information.

For companies, this shifts the risk. It is no longer just a matter of whether data can be restored from a backup. It is also a matter of whether sensitive information has already been leaked—and whether attackers can read, analyze, and use it against the organization.

Backups remain important, of course. They help restore operations after an attack. But they do not solve the problem of data exfiltration. If confidential data has been copied in unencrypted form, a backup cannot prevent reputational damage, legal risks, or potential data breaches.

This is precisely where data-level encryption becomes crucial.

Data Extortion Is on the Rise

The report makes it clear that, alongside traditional ransomware, another modus operandi is taking hold: data extortion. In some cases, attackers even forego encrypting systems and instead focus directly on extracting sensitive data and then blackmailing victims by threatening to publish it.

This is a significant development. It shows that cybercriminals are targeting the area where the pressure on companies is greatest: confidential information.

If sensitive data falls into the wrong hands, the threat is not limited to short-term business disruptions. Companies must also expect long-term consequences:

  • Loss of customer trust
  • Damage to reputation
  • Data breach notifications and potential fines
  • Legal disputes
  • Disclosure of internal information
  • Endangerment of partners, employees, or affected individuals
  • Blackmail through threats of further disclosures

The more sensitive the data, the greater the pressure. For NGOs, universities, research institutions, works councils, law firms, consulting firms, healthcare organizations, or social service providers, such a data breach can be particularly severe.

AI Makes Attacks Faster and More Convincing

Another key focus of the Federal Situation Report is the use of artificial intelligence. The BKA notes that AI lowers the technical barriers to entry for cybercrime and can make attacks more efficient, faster, and more credible.

This is particularly evident in phishing. AI can help create deceptively authentic emails: linguistically flawless, well-translated, personalized, and written in the style of well-known companies or internal communications. This makes phishing attacks harder to detect.

But the report goes even further. AI can also assist in the strategic reconnaissance of target systems, the identification of vulnerabilities, and the analysis of large amounts of data. In the context of ransomware, this can mean that attackers can more quickly identify which files are particularly sensitive, confidential, or business-critical.

This changes the defense landscape. Organizations must assume that, in the future, attackers will not only be able to steal more data but also analyze it more quickly and use it in a more targeted manner for extortion.

Why Cloud Data Requires Special Protection

Many companies and organizations now operate in the cloud. Files are stored in cloud storage, shared among teams, and edited from various locations. This is efficient and has become indispensable for modern collaboration.

At the same time, new risks are emerging. The more sensitive data is stored in cloud environments, the more important the following question becomes:

Who can access this data—and in what form is it stored there?

Account security, multi-factor authentication, and role-based permissions are important protective measures. But they should not be the only lines of defense. Phishing, compromised credentials, misconfigurations, or unauthorized access can all lead to attackers gaining access to cloud files.

If this data is stored in plain text, it is immediately usable. If, on the other hand, it has been encrypted on the client side, an additional layer of protection is created. Attackers cannot then easily read the files, even if they gain access to the storage location.

What Role Cryptomator Hub Can Play in This

This is exactly where Cryptomator Hub comes in. The solution helps teams and organizations store sensitive data in the cloud in an encrypted format and manage access centrally.

It’s important to understand the distinction: Cryptomator Hub is not anti-ransomware software, a virus scanner, or DDoS protection. In other words, the solution does not prevent attackers from sending phishing emails, developing malware, or attacking infrastructure.

The added value lies on a different level: Cryptomator Hub protects data where it is most at risk—in day-to-day collaboration, in cloud storage, and in shared work environments.

This is particularly relevant in four scenarios:

1. Protection Against Exploitable Data Leaks

When attackers attempt to copy data from cloud storage, encryption determines whether that data is readable to them. Client-side encryption ensures that files are encrypted before they are stored in the cloud.

This is a crucial factor in data extortion. Stolen data is only valuable for blackmail if it can be analyzed and published.

2. Access Control for Teams

In organizations, data must be shared—but not all data with everyone. Cryptomator Hub enables structured management of access rights for teams. This allows for better control over who has access to specific vaults and sensitive information.

This is particularly important for organizations with multiple departments, project teams, or external stakeholders.

3. Complementing Existing Security Measures

Cryptomator Hub does not replace a comprehensive security strategy. It complements it. A robust cybersecurity strategy should combine multiple layers:

  • Awareness and training
  • Phishing protection
  • Strong passwords and multi-factor authentication
  • Endpoint security
  • Regular updates
  • Backups
  • Permissions and role management
  • Incident response
  • Encryption of sensitive data

In this model, Cryptomator Hub primarily strengthens the data confidentiality layer.

4. Practical Solution for Smaller Organizations

Since the report indicates that SMEs in particular are heavily affected by ransomware, practical implementability is a key factor. Not every organization can build complex enterprise security infrastructures. At the same time, smaller teams must also protect sensitive data.

Cryptomator Hub can be positioned here as a low-threshold, team-friendly solution: Cloud data remains accessible but is protected by additional encryption.

➡️ Try Cryptomator Hub for 30 days!

Conclusion: Cybersecurity Must Start With the Data

The 2025 Federal Cybercrime Situation Report makes it clear that companies should no longer view cyberattacks solely as a technical risk. The key question is no longer simply whether an attack can be repelled. It is also crucial to consider how capable an organization remains of functioning if an attack is successful.

This is precisely where the perspective on data security is shifting. When attackers copy, analyze, and use sensitive information as leverage, the confidentiality of this data becomes a central component of an organization’s own resilience. Those who store confidential information unprotected in cloud environments rely on all upstream protection mechanisms functioning at all times. However, the current threat landscape shows that this assumption is risky.

Companies therefore need security strategies that not only prevent attacks but also limit their consequences. This includes consistently protecting sensitive data in such a way that it cannot be immediately exploited in the event of an emergency. Encryption is not an additional measure for particularly cautious organizations, but a fundamental building block of modern cyber resilience.

This is exactly where Cryptomator Hub comes in: The solution helps teams encrypt sensitive cloud data on the client side and manage access centrally. While it doesn’t protect against every form of cyberattack, it strengthens a crucial line of defense—the data itself.

After all, the more cybercrime focuses on the theft and publication of sensitive information, the more important a simple fact becomes: Data that attackers cannot read loses a large part of its potential for blackmail.

➡️ Request a demo!