Nearshore Americas

Half of Ransomware Victims Paid Money to Recover Data: Study

Nearly 50% of ransomware victims over the past year recovered their data by paying a ransom — often lower than the amount originally demanded.

This marks the second-highest rate of ransom payments in six years, according to a study by cybersecurity firm Sophos.

The findings come from a global survey of 3,400 IT and cybersecurity leaders across 17 countries. The incidents analyzed occurred between January and March 2025.

The study reveals a clear gap in preparedness. Vulnerability exploitation was the top technical cause of attacks. Alarmingly, 40% of victims admitted the attackers exploited unknown security gaps — pointing to visibility challenges in organizations’ attack surfaces.

Ransom demands varied by company size. For firms earning over $1 billion, the median demand was $5 million. For companies with revenue below $250 million, demands averaged under $350,000.

Resourcing shortfalls played a major role. About 63% of respondents said lack of expertise or staffing contributed to their breach. Larger firms cited skills shortages, while midsize companies struggled with capacity.

Still, not all attacks were successful. Around 44% of companies stopped ransomware before data encryption.



“The silver lining is that awareness is improving,” said Chester Wisniewski, director and field CISO at Sophos. “Many firms are now bringing in incident responders to contain threats, cut ransom costs, and recover faster.”

Narayan Ammachchi

News Editor for Nearshore Americas, Narayan Ammachchi is a career journalist with a decade of experience in politics and international business. He works out of his base in the Indian Silicon City of Bangalore.
