As a public safety agency, your success depends on the strength of every system within your organization. While frontline tools like radios and dispatch consoles are the most visible, administrative networks provide the essential foundation for daily operations. These enterprise systems managing vital functions like payroll, human resources and records that keep an agency running, are facing a significant rise in targeted activity.
According to the latest Public Safety Threat Alliance (PSTA) report, Public Safety Enterprise Threat Landscape, cyberattacks against administrative networks increased by 12 percent in 2025, totaling 348 observed incidents. The government and public safety sector remains a significant target for ransomware attacks globally, as threat actors know the urgent need to restore community services creates immense pressure on agencies to pay. Therefore, protecting these administrative systems is just as important as securing emergency response tools.
How AI accelerates cyber threats
Rapid artificial intelligence (AI) adoption is a primary reason why cyberattacks are happening more frequently. According to the PSTA report, AI allows threat actors to automate their work and move through networks faster than ever. This efficiency significantly shortens the time defenders have to identify and stop an intrusion before it impacts service.
Automation also allows cybercriminals to find security gaps with increased efficiency. In fact, 40 percent of victim organizations cited unknown security gaps as the main reason for their compromise. This rapid pace often leads to fewer early warning signs. In the fastest cases observed, attackers moved from entering a network to stealing data in just 72 minutes. This speed is a direct result of AI tools making every step of an attack faster.
Municipal networks see 42 percent surge in attacks
Local government networks experienced the highest number of attacks in 2025. These systems sustained 245 incidents, a 42 percent surge from the previous year. This increase was driven by two main threats: Distributed Denial of Service (DDoS) attacks and ransomware. DDoS attacks were the most common, accounting for 44 percent of incidents, while ransomware made up 37 percent. Even though DDoS happens more often, ransomware remains the more severe threat because of the average time it takes for an agency to recover from attacks.
Cybercriminals often focus on mid-sized municipal networks because they typically have weaker security than federal agencies while also having an abundance of exploitable services and interconnected systems. Adversaries are also shifting toward “data-only” extortion to maximize their profits. This tactic involves stealing sensitive information and threatening to release it publicly without ever locking the network with encryption.
Operational cost of recovery soars for public safety agencies
When an attack hits the enterprise side of a public safety agency, the operational burden is heavy and long-lasting. The real challenge begins after the initial breach. The report found that public safety organizations face an average recovery time of 42 days following a ransomware attack.
To reduce these risks, agencies must focus on fixing security gaps and making their networks stronger. Staying ahead of these fast-moving threats requires access to expert intelligence and a team approach to defense.
PSTA membership: a cost-free resource
The Public Safety Threat Alliance (PSTA) serves as a no-cost information sharing and analysis organization (ISAO) for the global public safety community. Recognized by the Cybersecurity and Infrastructure Security Agency (CISA), the PSTA acts as a central hub for intelligence by providing actionable analysis, monthly briefings and automated threat feeds.
Protecting the systems communities rely on every day requires both advanced technology and a strong network of experts. Building these connections is a core focus of Summit, the premier Motorola Solutions user conference.
From April 19 to 22, the PSTA team will be at Summit in Orlando to meet with members and discuss the latest threat trends in person. The team will also host the annual KNIGHT SIREN tabletop exercise that will give participants the opportunity to role play how they would respond to a cyber incident. Summit 2026 provides a dedicated space for public safety leaders to collaborate, share best practices and explore the latest advancements in technology and security.
