CSIRT KNF prepared Annual Report on Cybersecurity 2025 – a summary of the key threats and trends in cyberspace as well as actions taken to improve the security of the financial market. 

The report shows that the cyberthreat landscape is becoming more and more complex. Apart from threats targeted directly at financial institutions, increasingly important are the attacks against providers of technologies, IT services and software used by the financial sector. The growing supply chain risk leads to a situation where the effects of an incident may go beyond a single entity and affect the security of the entire market. 

The report confirms that the process of enhancing digital resilience of the financial sector requires not only responding to incidents but also taking preventive actions, monitoring new attack techniques on an ongoing basis, cooperation with the market, and exchanging information regularly. 

The publication summarises the key threats, trends and actions taken to improve the security of the financial market. The data for 2025 show the scale of challenges: 41 751 dangerous domains for which a request for blocking order was made, 9 751 fraudulent advertisements blocked, 787 DDoS attacks against the financial sector, and 274 ICT incident reports accepted under DORA. CSIRT KNF also issued 625 warnings about threats, 19 sector-specific recommendations, and 51 entity-specific recommendations following security screenings.

An increase in the activity of ransomware groups can also be observed. CSIRT KNF is monitoring the activity of ransomware groups, analysing their publications on data leaks and assessing the potential impact of such incidents on the supply chain in the financial market in Poland. Such an approach allows for early identification of threats and quicker risk assessment and enables the entities concerned to be informed of the threats before they become a direct issue.

We invite you to read the report here.