Cybercrime 2025: Hackers Strike Rarely, But Far More Precisely

Imagine you are a thief. You have a choice: break into ten apartments in an old five-story building or open one armored safe in a central bank. In 2024, hackers, figuratively speaking, ran through apartments.

In 2025, they finally picked the keys to the safes. The statistics of the last twelve months look like a paradox: the total number of IT incidents in Russia and CIS countries fell almost in half, from 455 to 250 cases. It seemed like time to pop the champagne and praise the cybersecurity departments for excellent work.

But the devil, as usual, hid in the volume of stolen data. The total haul of criminals grew to 767 million rows of data. This is 70% more than last year, when the figure barely exceeded 450 million.

We are witnessing a fundamental shift in the strategy of cybercriminal groups. The era of 'carpet bombing,' when systems were breached indiscriminately for minor hype or random profit, is fading into the past. It has been replaced by an era of professional hunting. Hackers began spending more time on reconnaissance and preparation, targeting large corporations, data aggregators, and government systems. The logic is simple: why spend resources on ten small online stores when one successful breach of a major bank or telecom operator brings data on millions of users at once. This qualitative change makes each individual data leak far more painful for the economy and citizens' privacy.

Why is this happening right now? First, data centralization is taking its toll. We voluntarily hand over all our information to a few large ecosystems. It's convenient for users, but creates a 'single point of failure.' If previously your data was spread across a dozen services, now it lies in one enormous basket that attracts any professional hacker. Second, hackers have begun actively using automation tools and neural networks to find vulnerabilities. What once required weeks of manual code scanning is now done by algorithms in mere hours. The irony is that AI helps with defense, but gives attackers an edge in speed.

Another important factor is software import substitution. Russian businesses are massively switching to domestic solutions. This is the right step from a sovereignty perspective, but any new software inevitably goes through 'teething troubles.' Developers rush to roll out products to market, sometimes sacrificing the depth of security audits. Hackers know perfectly well about these vulnerabilities and take advantage of the moment while systems are not yet seasoned by years of operation. As a result, we get a situation where the number of hacking attempts decreases because criminals don't want to 'expose themselves' unnecessarily, but the effectiveness of each successful attack breaks all records.

For an ordinary user, this statistic means only one thing: digital hygiene has ceased to be a recommendation and has become a matter of survival. If nearly 800 million rows of data leak into the network per year, your data is most likely already there. More than once. We have entered a phase where the question is not whether the company you trust will be breached, but how quickly it will happen and how complete that breach will be. Businesses, in turn, will have to revise their security budgets, because reports of 'declining number of attacks' no longer reassure investors and regulators.

The bottom line: hacker effectiveness is growing faster than database security. Will 2026 be the year of the first billion stolen rows?