The State of Ransomware 2025

Why do organizations fall victim to ransomware? How do they recover? What business and human impacts can you expect if it happens to you?

Read The State of Ransomware 2025 to find the answers in our extensive global report, which include the latest ransomware stats by company size.

Get the report now

#1

root cause: exploited vulnerabilities

63%

fall victim due to a lack of people or skills

$1.0M

average ransom payment

$1.5M

average recovery cost

When you download our free report, you’ll learn how ransomware and the recovery strategies of thousands of organizations across 14 countries and 15 industries have evolved over the past five years. You’ll also discover trends from brand new research areas in 2024:

How much victims pay compared to the initial ransom demand
The percentage, on average, of an organization’s computers affected by an attack
The impact of backup data compromises on recovery efforts
The role of law enforcement in attack remediation

When you download our free report, you’ll learn how the cause and consequences of ransomware in thousands of organizations across 17 countries have evolved over the past six years. You’ll also discover insights from brand new research areas in 2025:

The operational factors that led organizations to fall victim to attacks.
Why 53% pay less than the initial ransom demand – and 18% pay more.
The human impact of incidents on IT/cybersecurity teams.

How do your ransomware experiences compare with those of thousands of frontline IT and cybersecurity professionals?

3,400 pros from 17 countries detail their real-world ransomware experiences in our sixth annual report, which reveals fresh insights into the prevalence, impact, reach, and cost of the attacks.

Based on a vendor-agnostic survey, the report includes:

Six-year attack trends.
Most common causes of attacks.
Current encryption and data theft success rates.
Ransomware demands vs. payments.
How company size impacts organizations’ experiences of ransomware.
Recovery costs and time.

sophos-state-of-ransomware-2024-report-covers

How do your ransomware experiences compare with those of thousands of frontline IT and cybersecurity professionals?

3,400 pros from 17 countries detail their real-world ransomware experiences in our sixth annual report, which reveals fresh insights into the prevalence, impact, reach, and cost of the attacks.

Based on a vendor-agnostic survey, the report includes:

Six-year attack trends.
Most common causes of attacks.
Current encryption and data theft success rates.
Ransomware demands vs. payments.
How company size impacts organizations’ experiences of ransomware.
Recovery costs and time.

Some of the topics covered in The State of Ransomware 2025

Why organizations get hit

Which technical and operational factors leave organizations exposed and how they vary by company size.

What happens to the data

How the data encryption rate and data theft success rate has changed year over year.

Ransom negotiations

Why most ransom payments differ from the amount initially demanded.

The cost of ransomware

How overall recovery costs have changed year over year and how they vary by company size.

Root causes of attacks

A look at the significant repercussions that having data encrypted in attacks has on IT/cybersecurity teams.

Defense strategies

Four key recommendations to help you stay ahead of attacks.

Optimize your ransomware defense strategy

Discover what’s happening on the front line and use the insights to enhance your defenses.

Get the report