Key Findings
62% of retailers who experienced attacks restored their data using backups in 2025, the lowest rate in four years
47% of retail IT/cybersecurity teams reported increased pressure after experiencing data encryption in 2025
The median ransom demand for retail ransomware attacks doubled to $2 million in 2025 compared to 2024
The average cost of recovering from a ransomware attack in retail, excluding any ransom payment, dropped by 40% to $1.65 million in 2025, the lowest point in three years
The proportion of retailers hit by extortion-only attacks tripled from 2% in 2023 to 6% in 2025
58% of retail organizations with encrypted data paid the ransom in 2025, marking the second highest payment rate in five years
26% of cases in retail saw leadership teams replaced as a result of data encryption in 2025
46% of retail ransomware incidents were traced to an unknown security gap in 2025