skip navigation
skip mega-menu

Ransomware in 2025: Organisations at Risk & Making Headlines

The latest State of Ransomware report from Sophos, based on insights from 3,400 IT leaders across 17 countries, paints a complex picture: progress is being made, but risks remain.

What’s Driving Attacks?

While exploited vulnerabilities remain the top technical cause (32%), the real issue lies in operational gaps:

  • Lack of expertise (40.2%) – Many organisations lack the skills to detect or respond to threats.
  • Unknown security gaps (40.1%) – Unmapped attack surfaces leave businesses exposed.
  • Insufficient capacity (39.4%) – Limited resources and outdated tools hinder response.

As Gavin Wood, CyberLab CEO, puts it: “These aren’t just technical failures—they’re organisational blind spots. Cyber security must be a business-wide priority.”

Positive Trends in 2025

There’s good news too. Only 50% of attacks led to data encryption—the lowest in six years. Ransom demands dropped 34% to $1.32M, and actual payments fell 50% to $1M. Recovery is faster: 53% of organisations bounce back within a week, up from 35%.

But the cost of recovery remains high—$1.53M on average, and $638K for smaller firms.

How to Stay Protected

CyberLab recommends a Defence in Depth strategy:

  • 24/7 threat monitoring
  • Regular penetration testing
  • Proactive vulnerability management
  • Backup rehearsals and incident response planning

By layering defences, organisations can detect, prevent, and respond to threats more effectively, minimising impact and building long-term resilience.

Read the full blog on the CyberLab website

Subscribe to our newsletter

Sign up here