.svg?width=185&quality=80&auto=webp&format=auto&cache=true&immutable=true&cache-control=max-age%3D31536000 "Home"){kind=logo}
.svg?width=13&quality=80&auto=webp&format=auto&cache=true&immutable=true&cache-control=max-age%3D31536000 "Top Navigation - Sign in - Icon")
.avif?width=1024&quality=80&auto=webp&format=auto&cache=true&immutable=true&cache-control=max-age%3D31536000 "HIPAA - Banner with Media - Background")
The State of Ransomware 2025
Why do organisations fall victim to ransomware? How do they recover? What business and human impacts can you expect if it happens to you?
Read The State of Ransomware 2025 to find the answers in our extensive global report, which include the latest ransomware stats by company size.#1
root cause: exploited vulnerabilities
63%
fall victim due to a lack of people or skills
$1.0M
average ransom payment
$1.5M
average recovery cost
When you download our free report, you’ll learn how the cause and consequences of ransomware in thousands of organisations across 17 countries have evolved over the past six years. You’ll also discover insights from brand new research areas in 2025:
- The operational factors that led organisations to fall victim to attacks.
- Why 53% pay less than the initial ransom demand – and 18% pay more.
- The human impact of incidents on IT/cybersecurity teams.
How do your ransomware experiences compare with those of thousands of frontline IT and cybersecurity professionals?
3,400 professionals from 17 countries detail their real-world ransomware experiences in our sixth annual report, which reveals fresh insights into the prevalence, impact, reach, and cost of the attacks.
Based on a vendor-agnostic survey, the report includes:
- Six-year attack trends.
- Most common causes of attacks.
- Current encryption and data theft success rates.
- Ransomware demands vs. payments.
- How company size impacts organisations’ experiences of ransomware.
- Recovery costs and time.
Some of the topics covered in The State of Ransomware 2025
Why organisations get hit
Which technical and operational factors leave organisations exposed and how they vary by company size.
What happens to the data
How the data encryption rate and data theft success rate have changed year on year.
Ransom negotiations
Why most ransom payments differ from the amount initially demanded.
The cost of ransomware
How overall recovery costs have changed year over year and how they vary by company size.
Root causes of attacks
An examination of the significant consequences that the encryption of data during attacks has on IT/cybersecurity teams.
Defence strategies
Four key recommendations to help you stay ahead of attacks.
