Semperis has unveiled an eye-opening global ransomware study encompassing insights from nearly 1,500 organisations across various industries. This study sheds light on the relentless nature of ransomware attacks, highlighting that for 40% of these attacks, threat actors went so far as to threaten physical harm to executives if ransom demands were unmet.
The 2025 Ransomware Risk Report presents startling findings, particularly concerning UK organisations, with 84% being targeted and nearly half of these attacks proving successful. Across several countries, including the US and the UK, the report notes that 47% of attacked companies faced additional threats, with hackers threatening to file regulatory complaints against them unless incidents were reported.
Over time, the number of companies paying ransoms has fallen marginally, with 69% of victimised companies still paying, a drop of 10 percentage points. Yet a troubling statistic emerges: the UK government and public sector has an alarming compliance rate of 83%. Globally, repeat ransom payments follow, with 38% of companies succumbing to multiple demands.
According to Chris Inglis, "Now is not the time for complacency. True regret isn't knowing what you should have done; it's not having done what you knew you needed and had the means to do".
Ransomware attacks today are not only well coordinated and strategically executed; the attackers are also deeply embedded before the attack is carried out, enabling multiple attackers to breach various systems. This calls for constant vigilance, anticipating not just isolated incidents but a potential slew of breaches.
Business resilience faces its gravest challenge from sophisticated attacks and from the increasing targeting of identity infrastructure, notably Active Directory. Alarmingly, 20% of companies end up with non-functional decryption keys or have their stolen data leaked post-payment.
“Paying ransoms should never be the default option... we should acknowledge that it’s a downpayment on the next attack. Every dollar handed to ransomware gangs fuels their criminal economy, incentivising them to strike again. The only real way to break the ransomware scourge is to invest in resilience, creating an option to not pay ransom,” said Mickey Bresman, CEO of Semperis.
Building resilience begins with scrutinising partners and supply chain vendors, who may be able to access sensitive systems and data and may inadvertently be weak links. Additionally, anticipating evolving ransomware tactics and regularly conducting tabletop exercises are vital in honing incident responses.
Jen Easterly, former Director of the Cybersecurity and Infrastructure Agency, offers a hopeful vision where cyberattacks become rare enough to warrant evening news headlines instead of the morning meeting agenda. She believes that through concerted efforts, organisations can emerge victorious in the battle against criminal cyber enterprises.
For further guidance and strategies, the full ransomware study titled "2025 Ransomware Risk Report: Essential Guidance for Building Operational Resilience Against Cyberattacks" is available. Semperis remains committed to fortifying global organisations against cyber threats, particularly focusing on hybrid identity systems such as Active Directory.