CYBERSECURITY | Nearly half of companies paid ransom, Sophos finds


The global survey, which included responses from 3,400 IT and cybersecurity leaders across 17 countries, found that ransom demands and payments have both dropped sharply over the past year.


Nearly 50% of companies targeted by ransomware attacks paid to recover their data, according to Sophos’ 2025 State of Ransomware report. The median payment was $1 million, though 53% of paying organizations negotiated lower amounts than the initial demands.

The global survey, which included responses from 3,400 IT and cybersecurity leaders across 17 countries, found that ransom demands and payments have both dropped sharply over the past year. While the median demand fell by one-third between 2024 and 2025, actual payments declined by 50%.

Sophos said companies are becoming more adept at damage control, often negotiating payments through third-party responders. In fact, 71% of organizations that paid less than the original demand did so through negotiation.

Despite the financial toll, many businesses are still struggling to prevent attacks. Exploited vulnerabilities remained the top technical cause of ransomware breaches for the third year in a row. Forty percent of victims said attackers exploited security gaps they weren’t aware of. Resourcing issues also played a key role, with large organizations citing lack of expertise and mid-sized ones pointing to insufficient staff.

“Thanks to increased awareness, many companies are better prepared, hiring incident responders to reduce ransom payments and speed up recovery,” said Chester Wisniewski, director and field CISO at Sophos. “But real progress lies in fixing root causes—like patching vulnerabilities and strengthening visibility.”

Other findings from the 2025 report include:

Faster Recovery Times: 53% of organizations fully recovered within a week, up from 35% in 2024. Only 18% took more than a month to recover.

Drop in Data Encryption: Just 50% of attacks resulted in data encryption—the lowest rate in six years.

Backup Use Declined: Only 54% used backups for data recovery, a six-year low.

Ransom Costs Vary Widely: State and local governments paid the highest median ransom at $2.5 million, while healthcare organizations paid the least at $150,000.

Recovery Costs Down: Average recovery costs dropped from $2.73 million in 2024 to $1.53 million this year.

The findings suggest companies are getting better at managing ransomware threats but still face significant challenges in prevention and preparedness. Sophos recommends organizations adopt tools like managed detection and response (MDR), implement strong endpoint defenses, and maintain regularly tested backup and recovery plans.

The full report was based on data collected between January and March 2025 and will be supplemented with industry-specific findings later in the year.

by TechSabado.com editors