TAIPEI (Taiwan News) — The Ministry of Digital Affairs’ Administration for Cyber Security said government agencies reported 726 mostly low-level cybersecurity incidents in 2025, down 29 from 2024, CNA reported Sunday.
Under Taiwan’s rules, cybersecurity incidents are ranked from Level 1 to Level 4 based on their effect on confidentiality, integrity, and availability. Level 1 cases made up 87.33% of reports, Level 2 cases made up 9.78%, and Level 3 cases made up 2.89%.
No Level 4 incidents were reported. Level 4 is the most serious category.
Unauthorized access accounted for 68.6% of all reported cases. Equipment problems made up 15.43%, denial-of-service attacks made up 4.96%, and website attacks made up 2.48%.
The administration said it reviewed threat trends and 2025 government incident reports to identify five major cybersecurity risks.
The first risk involved fake communication software. The administration said some users downloaded fake communication software from unofficial websites after replacing devices or getting new computers, leading to backdoor programs being installed, per UDN. It advised agencies to set clear rules for system changes and software downloads. Software, hardware, and app installations should require approval before use, the administration said.
The second risk was ransomware groups using custom software drivers to break into systems and avoid detection. The administration said agencies should scan and fix website vulnerabilities, use web application firewalls, and keep endpoint protection systems updated.
The third risk was weak supply chain control. In one case, a maintenance contractor installed remote desktop software on a website server, and hackers broke in by guessing the password. The administration said agencies should strengthen controls over outside vendors and maintenance work.
The fourth risk was weaknesses or poor settings in network edge devices, such as routers, firewalls, and VPN devices. The administration said agencies should use allowlists for outside connections, block unnecessary ports, and keep device firmware updated.
The fifth risk was social engineering combined with abuse of cloud services. The administration said agencies should filter emails, check attachments and links in sandboxes, limit cloud drive sharing, and scan uploaded files.
The administration said the law requires agencies to maintain data backups, backup systems, and recovery functions. It said agencies should carry out business continuity plan drills so they can switch to backup systems when needed, per Economic Daily News.




