Germany, the United Kingdom, France, Italy, and Spain account for nearly 70% of the continent's ransomware activity. Germany currently leads the region in total incidents, reporting 370 attacks. The research highlights a strategic pivot among threat actors: while groups like Qilin cast a wide net across 26 countries, others like SafePay focus heavily on specific markets, with more than half of their European operations targeting German organizations.

Third-party risk has evolved from a peripheral concern to a primary vulnerability. The August 2025 compromise of Swedish software supplier Miljödata serves as a stark example, where a single breach exposed data for over one million individuals across 250 client organizations, including 200 municipalities. This shift toward supply chain exploitation complicates compliance for firms navigating evolving regulatory frameworks like NIS2 and DORA, which demand stricter oversight of external partners. Manufacturing remains the most targeted sector, followed closely by professional services and IT providers, whose interconnected systems provide attackers with broad access to multiple downstream clients.