Anatomy of a Cyber World Global Report 2026

The Kaspersky Security Services report describes cyberattack trends and statistics revealed by the Managed Detection and Response service. The report also includes Incident Response findings based on real-world cases identified and mitigated in 2025.

Kaspersky Security Services provide a comprehensive cybersecurity ecosystem, taking enterprise threat protection to another level. Services like Kaspersky Managed Detection and Response and Compromise Assessment allow for timely detection of threats and cyberattacks. SOC Consulting provides a practical approach ensuring the corporate infrastructure stays secured, while Incident Response is suited for timely remediation with a maximized recovery rate.

High-level overview of the MDR, IR and CA connection This new report brings together statistics across regions and industries from our Managed Detection and Response and Incident Response services, and for the first time, it also includes insights from our Compromise Assessment and SOC Consulting services — all to provide you with more comprehensive view of different aspects of corporate information security worldwide. The scope of MDR and IR services Provision of Kaspersky’s MDR and IR services follows a global approach. The majority of customers accounted for the CIS (34. 7%), the Middle East (20. 1%), and Europe (18. 6%).

Distribution of customers by geographical region, 2025 MDR telemetry Following the previous year’s numbers, in 2025, the MDR infrastructure received and processed an average of 15,000 telemetry events per host every day, generating security alerts as a result. These alerts are first processed by AI-powered detection logic, after which Kaspersky SOC analysts handle them as required. Overall, a total of approximately 400,000 alerts were generated in 2025. After counting out false positives, 39,000 alerts were further investigated.

MDR telemetry statistics, 2025 Incident statistics The distribution of remediation requests by industry has slightly changed as compared to previous years’ pattern. Government (18. 5%) and industrial (16. 6%) organizations are still the most targeted industries in regards to cyberattacks that require incident response activities.