Report by CROWDSTRIKE
STATE OF RANSOMWARE SURVEY
Key Findings
87% of organizations expect deepfakes to become major attack vectors in future ransomware campaigns.
82% of organizations believe generative AI makes phishing emails more difficult to identify, even for well-trained employees.
89% of healthcare organizations express concern that deepfake audio and video will become major vectors for social engineering in future ransomware attacks.
54% of healthcare organizations implemented AI-powered threat detection.
76% of organizations reported that it is getting harder to be fully prepared for ransomware attacks.
83% of organizations that paid ransoms were hit again by ransomware attacks.
50% of organizations that experienced a ransomware attack believed they were 'very well prepared' for ransomware.
90% of C-level executives express concern that deepfake audio and video will become major vectors for social engineering in future ransomware attacks.
51% of organizations deployed automated incident response.
48% of organizations adopted AI-enhanced phishing detection.
33% of ransomware incidents involved compromised credentials.
61% of organizations successfully restored from backups after their most recent incident.
Fewer than 25% of organizations that experienced a ransomware attack recovered from the attack within 24 hours.
Nearly 25% of organizations that experienced a ransomware attack suffered significant disruption or data loss.
78% of organizations across Australia, France, Germany, India, Singapore, the United Kingdom, and the United States reported experiencing a ransomware attack within the past year.
Only 22% of victims who felt 'well-prepared' recovered from ransomware attacks within 24 hours.
Nearly 40% of organizations were unable to fully restore the data they lost from ransomware attacks.
93% of victims had data stolen despite paying ransom.
38% of organizations fixed the issue that allowed attackers to enter after a ransomware attack.
83% of victims who paid ransom were attacked again.
21% of organizations that paid ransom were still unable to recover all data.
50% of organizations that were attacked believed they were 'very well prepared' for a ransomware incident beforehand.
22% of organizations that experienced a ransomware attack were able to recover within 24 hours.
42% of organizations that experienced a ransomware attack suffered significant downtime.
92% of organizations in Singapore reported a disconnect between leadership and security team perceptions of ransomware readiness.
76% of organizations reported a growing disconnect between how leadership and the security team perceive their ransomware readiness.
53% of retail, distribution, and transport organizations rated themselves as very well prepared, but 44% suffered significant disruption to business operations due to ransomware attacks.
46% of security teams believe their organizations are 'very prepared' to face ransomware.
52% of financial services organizations rated themselves as very well prepared, and 38% achieved same-day recovery from ransomware attacks.
40% of manufacturing and production organizations experienced significant disruption to business operations due to ransomware attacks.
58% of manufacturing and production organizations rated themselves as very well prepared, but only 12% recovered from ransomware attacks within the same day.
42% of public sector organizations suffered significant disruption to business operations due to ransomware attacks.
60% of public sector organizations rated themselves as very well prepared, but only 12% recovered from ransomware attacks within 24 hours.
52% of healthcare organizations rated themselves as very well prepared, but 40% experienced significant disruption to business operations due to ransomware attacks.
32% of ransomware incidents were caused by malicious downloads.
92% of organizations believe their employees are well trained to spot phishing emails.
84% of organizations have seen a measurable increase in phishing and/or credential theft incidents they suspect were AI-assisted.
40% of ransomware incidents began through vulnerability exploits.
31% of organizations that suffered a ransomware attack reported RMM tools as the attacker's entry point.
76% of organizations expressed concern about their ability to stop ransomware spreading from an unmanaged host over SMB.
45% of victims reported that phishing was the initial point of compromise in ransomware attacks.
35% of ransomware incidents were attributed to supply chain compromise.
87% of organizations consider AI-generated social engineering tactics more convincing than traditional methods.
76% of organizations agree that it is increasingly difficult to prepare for ransomware attacks as attackers use AI to adapt and evade defenses.
53% of organizations implemented AI-powered threat detection.
41% of public sector organizations implemented AI-powered threat detection.
37% of U.S. adults reported GenAI-enabled malware as a top concern regarding cybersecurity threats.
57% of French organizations reported the greatest concern about AI-enabled threats, compared to an average of 45% across geographies.
Over 40% of organizations reported using AI or automation to support threat detection and alerting in response to a ransomware incident.
42% of U.S. adults reported AI-generated phishing emails as a top concern regarding cybersecurity threats.
53% of French organizations reported concern about GenAI-enabled malware, compared to an average of 40% across geographies.
57% of organizations in the U.K. and Singapore expressed concern about social engineering tactics.
39% of organizations could not fully recover from backups after their last ransomware incident.
83% of organizations that paid ransoms experienced another attack from the same or different threat actor.
82% of organizations acknowledge that they are not equipped to weather the reputational fallout from sensitive data leaks.
93% of organizations that paid ransoms learned that data was exfiltrated despite payment.
45% of organizations that paid ransoms could not recover all of their data even after paying.
Financial services organizations had an average downtime cost of $1.3 million USD per ransomware incident.
Healthcare organizations reported an average downtime cost of $1.5 million USD per ransomware incident.
24% of organizations faced legal and regulatory penalties as a result of ransomware incidents.
22% of organizations reported a loss of customer or business opportunities as a result of ransomware incidents.
48% of organizations experienced encrypted or lost access to data or systems due to ransomware.
Public sector organizations faced the highest average downtime costs at $2.5 million USD per incident.
24% of victims were affected by publicly released or stolen data, leading to ongoing competitive and compliance risks.
34% of victim organizations experienced reputational damage that undermined customer and partner trust.
48% of organizations identified faster and more automated attack chains as the greatest threat from ransomware.
51% of organizations increased general cybersecurity investment following ransomware attacks.
45% of organizations enhanced training and awareness programs following ransomware attacks.
38% of organizations addressed the specific issue that enabled the ransomware attack.
47% of organizations improved detection and monitoring capabilities after ransomware attacks.
50% of financial services organizations implemented AI-powered threat detection.
45% of organizations reported concerns about their ability to detect and respond to threats as quickly as AI-automated attacks can execute.
94% of organizations in the energy sector reported a disconnect between leadership and security team perceptions of ransomware readiness.
37% of financial services organizations suffered significant disruption to business operations due to ransomware attacks.
78% of organizations experienced a ransomware attack in the preceding 12 months.
54% of board members and C-level executives believe their organizations are 'very prepared' to face ransomware.
85% of security teams acknowledged that traditional detection methods are not keeping pace with modern threats.
50% of senior decision-makers reported concern about AI-generated phishing emails, compared to 40% of junior management.
$1.7 million USD is the average downtime cost per ransomware incident reported by organizations.