Skip to main content
Microsoft Security

Microsoft Digital Defense Report

Knowledge is powerful. This report encompasses learnings from security experts, practitioners, and defenders at Microsoft to empower people everywhere to defend against cyberthreats.

Build a stronger defense with the insights and expertise in the Microsoft Digital Defense Report



Over 24 trillion security signals are analyzed every 24 hours offering a uniquely comprehensive view of the current state of security.



More than 8,500 Microsoft security experts from across 77 countries have helped provide a critical perspective on the security landscape.



Synthesized, integrated insights came from more teams, across more areas of Microsoft than ever before.

The state of cybercrime

We’ve seen cybercrime evolve as a national security threat that’s driven largely by financial gain. Positively, transparency is increasing as more victims of cybercrime come forward to share their stories. Government cybersecurity efforts have also increased in response to cyberthreats.


There are more than 25 different kinds of malicious email techniques in addition to phishing.


More than 15k phishing sites were neutralized within three months.


We’ve seen a 50% year-over-year reduction in employee susceptibility to phish after simulation training.

Nation state threats

Nation state threat actors have become more sophisticated and harder to detect, creating a threat to security that is replicated by other cybercriminals.

A diagram showing the most targeted countries and most active nation state activity groups.

Supply chain, IoT, and OT security

The Internet of Things (IoT), operational technology (OT), and supply ecosystems have been treated in isolation but to counter attacks, security needs to take a holistic approach. Multiple layers of defenses such as multifactor authentication can help maintain security.

Secure your devices

20 million devices

This was the number of devices found to use the default password “admin” in just 45 days of signals.

7 properties

We identified seven properties that are present in devices considered to be highly secured.

Nearly all industries affected

Critical vulnerabilities were found in several IoT and OT operating systems.

Hybrid Workforce Security

In both the physical and digital worlds, the primary way criminals get in is through an unlocked door. Organizations that do not apply or maintain basic security hygiene like patching, applying updates, or turning on multifactor authentication will face much greater exposure to attacks, including ransomware or Distributed Denial of Service (DDoS).

Phishing is responsible for almost 70% of data breaches

Basic security hygiene still protects against 98% of attacks.

Be cautious of “reliable” sources

Cybercriminals are using malware that is posed as legitimate software updates causing an increase in insider risk.

Update legacy systems to stay ahead of attacks

Adversaries are targeting on-premises systems, reinforcing the need for data governance and for organizations to move to the cloud.


Disinformation is being created and disseminated at increasing scale and speed.

Disinformation vs. misinformation

Empathy is needed when dealing with misinformation, which is false information that’s spread unintentionally by people who often have good intentions.

Spreading doubt

Threat and situational intelligence can be supplanted with disinformation to generate bias or create doubt in data integrity with decision makers.

Emerging threat of deepfakes

Improvements in AI have allowed deepfake videos and audio to directly harm individuals. They can now be used to trick employees into releasing or sharing credentials.

Actionable Insights

Technology and cyber risk can’t be treated as something that only IT and security teams manage. Criminals seek to exploit any opportunity that exists, so while recovery solutions are imperative, it’s on all of us to seek out cybersecurity training and ensure our online safety.

A diagram detailing the cybersecurity bell curve.

Report archive

Keep reading to see how the threat landscape and online safety has changed in a few short years.

Explore Microsoft security solutions

Follow Microsoft