The latest State of Ransomware report from Sophos, based on insights from 3,400 IT leaders across 17 countries, paints a complex picture: progress is being made, but risks remain.
What’s Driving Attacks?
While exploited vulnerabilities remain the top technical cause (32%), the real issue lies in operational gaps:
- Lack of expertise (40.2%) – Many organisations lack the skills to detect or respond to threats.
- Unknown security gaps (40.1%) – Unmapped attack surfaces leave businesses exposed.
- Insufficient capacity (39.4%) – Limited resources and outdated tools hinder response.
As Gavin Wood, CyberLab CEO, puts it: “These aren’t just technical failures—they’re organisational blind spots. Cyber security must be a business-wide priority.”
Positive Trends in 2025
There’s good news too. Only 50% of attacks led to data encryption—the lowest in six years. Ransom demands dropped 34% to $1.32M, and actual payments fell 50% to $1M. Recovery is faster: 53% of organisations bounce back within a week, up from 35%.
But the cost of recovery remains high—$1.53M on average, and $638K for smaller firms.
How to Stay Protected
CyberLab recommends a Defence in Depth strategy:
- 24/7 threat monitoring
- Regular penetration testing
- Proactive vulnerability management
- Backup rehearsals and incident response planning
By layering defences, organisations can detect, prevent, and respond to threats more effectively, minimising impact and building long-term resilience.