In 2025, the Centre for Cybersecurity Belgium (CCB) continued to play a central role in protecting citizens, organisations and public authorities against cyber threats. The year was marked by a sustained operational workload, evolving threat patterns and a strong focus on prevention, awareness and information sharing.
Incident response and operational support
Throughout 2025, the CCB handled 635 cybersecurity incidents at national level. This represents a significant increase in national incidents, underlining both the growing complexity of the cyber threat landscape and the importance of coordinated response mechanisms.
The number of emergency response interventions rose to 103, reflecting a higher demand for rapid, hands-on support in critical situations. Ransomware remained a major concern, with 105 ransomware incidents reported. While this figure shows a slight decrease compared to the previous year, ransomware continues to pose a serious risk to organisations.
At the same time, account compromise cases doubled to 144 incidents, highlighting the persistent exploitation of stolen credentials and the need for strong authentication and user awareness. DDoS attacks remained relatively stable, with 63 incidents recorded.
Phishing and malicious activity
Phishing continued to be one of the most common attack vectors in 2025. The Safeonweb platform received 9,929,354 reports sent to suspicious@safeonweb.be, confirming the high level of public engagement in reporting suspicious messages.
Thanks to this collective effort and enhanced detection capabilities, 176,183 unique URLs and 40,815 unique domains were identified and tagged as malicious. While these figures represent a decrease compared to the previous year, they demonstrate a more targeted and efficient approach to identifying malicious infrastructure.
Warnings, vulnerabilities and threat intelligence
In 2025, the CCB published 264 technical advisories to support organisations in mitigating vulnerabilities and emerging threats. In parallel, 568 cyber threat intelligence (CTI) reports were shared via the Early Warning System (EWS) portal, strengthening information exchange with partners.
The CCB also conducted 152 spear‑phishing warning campaigns (warnings related to the same topic), both automated and manual. In total, 32,005 spear warnings were issued, showing a substantial increase in direct warnings sent to potentially affected organisations and users.
The number of disclosed vulnerabilities reached 219, reflecting the continued effort to promote responsible disclosure and improve the overall security posture of digital systems in Belgium.
The Belgian Anti-Phishing Shield (BAPS) warning page recorded more than 185 million visits, confirming its role as a key reference point for timely and trusted cybersecurity information.
Awareness and outreach
Raising awareness remained a cornerstone of the CCB’s mission. In 2025, 78 news items were published on Safeonweb, which attracted 1,891,220 visits over the year. These figures highlight the continued public interest in practical, accessible cybersecurity guidance.
In addition, the CCB organised 15 “Connect and Share” events (bringing together nearly 6,500 participants worldwide), fostering collaboration and knowledge exchange between public authorities, critical sectors and cybersecurity professionals.
Looking ahead
The 2025 figures confirm that cybersecurity remains a shared responsibility. Through incident response, threat intelligence, awareness campaigns and close cooperation with partners, the Centre for Cybersecurity Belgium continues to strengthen the resilience of Belgium’s digital ecosystem in the face of an ever‑evolving threat landscape.
