The Information-technology Promotion Agency (IPA) published the "Information Security Top 10 Threats 2025" analyzing significant cybersecurity incidents that occurred in 2024, providing comprehensive threat information and countermeasures along with mapping sheets.
This report was compiled through deliberations and voting by the "Top 10 Threats Selection Committee," consisting of approximately 200 members including information security researchers and corporate practitioners. Organizational threats are listed in ranking format as before, while individual threats are presented in alphabetical order to prevent prioritizing high-ranking threats while neglecting lower-ranked ones, ensuring all relevant threats receive appropriate attention.
Key organizational threats identified include:
- Ransomware attacks targeting critical infrastructure
- Supply chain attacks through third-party vendors
- Advanced persistent threats (APT) from nation-state actors
- Cloud service vulnerabilities and misconfigurations
- Insider threats and privilege escalation
The mapping sheets provide detailed correlations between specific threats and recommended countermeasures, enabling organizations to develop comprehensive security strategies. The report emphasizes the evolving nature of cyber threats and the need for continuous adaptation of security measures.