Ransomware Risk Report: No Time for Complacency

78% of Surveyed Organizations Targeted by Ransomware

Our annual global study of IT and security professionals reveals escalating threats, longer recovery times, and widespread business disruption, despite a modest reduction in successful attacks.


The most important thing that you can do to prevent yourself from falling victim to a ransomware attack is … to prepare your business for disruption: to have backups in place, to ensure that your technology is as secure as possible, that you’ve implemented multi-factor authentication, that you’ve patched your internet-facing devices.

Jen Easterly, Former Director of the Cybersecurity and Infrastructure Agency (CISA)

Ransomware-related challenges persist as agentic AI attacks gain traction

The spread of generative AI, an increasing concern about agentic AI attacks, rising geopolitical tensions, global regulatory shifts … many new developments are complicating the cyber threat landscape. How well are organizations adapting? The 2025 Ransomware Risk Report checks in with 1,500 IT and security professionals to find out.

78% of responding organizations were targeted by ransomware within the past 12 months
69% of successful attacks resulted in ransom payment
83% of attacks compromised the identity infrastructure
40% of attacks leveraged threats of physical violence against staff

Paying ransoms should never be the default option. While some circumstances might leave the company in a no-choice situation, we should acknowledge that it’s a downpayment on the next attack. Every dollar handed to ransomware gangs fuels their criminal economy, incentivizing them to strike again. The only real way to break the ransomware scourge is to invest in resilience, creating an option to not pay ransom.

Mickey Bresman, Semperis CEO
2025 ransomware attack statistics

Study reveals new attack insights from organizations around the world

There’s good news in this year’s findings: Ransomware attack frequency and success saw modest decreases. But as former US National Cyber Director and Semperis Strategic Advisor Chris Inglis told us, “Now is not the time for complacency. True regret isn’t not knowing what you should have done; it’s not having done what you knew was needed and had the means to do.”

73% of companies that were successfully attacked by ransomware were attacked multiple times—32% three or more times.

55% of ransomware victims that paid ransom did so multiple times; 29% paid three times or more.

2025 ransomware disruption statistics

Disruptions and lagging recovery times threaten business resilience

Despite gains in fending off attacks, business disruptions are continuous, persistent, and potentially life-threatening. And organizations are taking longer to return to business as normal.

“If you don’t properly secure your environment, you’re going to pay more for your insurance—or you’re going to become uninsurable,” warns Jeff Wichman, Semperis Director of Incident Response. To protect your investment, he says, “You need to determine what your weak spots are, think of different tactics that an attacker might throw at you, start building from there—and then test, test, test.”

15% of victims did not receive usable decryption keys

76% of ransomware victims needed more than 1 day to return to normal operations


Identity is a core, foundational piece of your infrastructure that underpins every other function. The ability to recover identity to a trustworthy state is paramount, and every other piece of recovery builds from there—including data security and the ability to keep attackers from gaining a stronger foothold and accessing not just data but other Tier 0 resources.

Sanjay Poonen, Cohesity CEO
2025 ransomware report statistics on identity security

IAM infrastructure remains a top target

With threat actors targeting the identity and access management (IAM) infrastructure itself, and credential abuse ranking as a top attack vector, organizations must strengthen their IAM defenses to stay ahead of attackers.

Yet despite 90% of respondents telling us that they have implemented an Identity Threat Detection and Response (ITDR) strategy, a much smaller percentage include AD recovery procedures in their disaster recovery plan or maintain dedicated, AD-specific backup systems—both key parts of effective ITDR. That’s a gap that attackers will be more than happy to exploit.


You can’t simply bolt on identity security because it is core to business operations and critical to sustain defense against sophisticated and motivated nation state–backed threat groups. Like business resilience, identity resilience must be addressed at the core.

Chris Inglis, Former US National Cyber Director, Semperis Strategic Advisor

Organizations note challenges to cybersecurity, business resilience

Organizations across the globe still see cyberattacks as the biggest threat to business resilience, and an increase in the frequency and sophistication of those attacks is their top cybersecurity concern.

Sophisticated, frequent cyber threats
Budget constraints
Outdated or legacy systems
Identity system attacks
Cybersecurity regulations

Experts offer insights into ransomware resilience

What can organizations do to prepare for the new generation of AI-driven attacks? Our panel of experts weighs in on steps you can take today to reduce ransomware threats that exploit legacy vulnerabilities and the identity infrastructure—organizations’ other two top cybersecurity concerns—while managing business resilience challenges, including regulatory compliance.

1. Prepare for changing attack tactics
2. Protect the IAM infrastructure
Systemic weaknesses make AD a soft target
3. Document, train, and test response
4. Evaluate third-party security

More resources

Learn more about how to prevent, detect, and respond to identity-based attacks.