The Ransomware Insights Report 2025

Just under a quarter (24%) of the ransomware incidents experienced by respondents involved data encryption.

59% of ransomware non-victims had implemented an email security solution.

41% of those who paid a ransom failed to recover all their data.

27% of ransomware incidents involved attackers stealing data.

Fewer than half (47%) of ransomware victims had implemented an email security solution.

27% of ransomware incidents involved attackers publishing data.

29% of ransomware incidents involved infecting devices with other malicious payloads.

Email is a primary attack vector for ransomware, with 71% of organisations that suffered an email breach also being hit with ransomware.

57% of the organisations surveyed were affected by ransomware.

61% of repeat ransomware victims say their security tools do not integrate.

37% of organisations affected twice or more by ransomware paid the attackers.

21% of ransomware incidents involved installing backdoors for persistence.

41% of successful ransomware attacks resulted in reputational harm.

16% of successful ransomware attacks involved payment pressure tactics threatening employees.

31% of ransomware victims were affected multiple times in the last 12 months.

74% of repeat ransomware victims state they are juggling too many security tools.

65% of organisations in local government were affected by ransomware.

Ransomware attackers have a one-in-three chance of payout.

32% of ransomware victims paid the attackers to recover or restore data.

67% of organisations in healthcare were affected by ransomware.

22% of successful ransomware attacks involved payment pressure tactics threatening partners, shareholders, and customers.

25% of successful ransomware attacks led to a loss of new business opportunities.