Nearly half of global organisations affected by ransomware in 2025 chose to pay attackers to recover their data, despite growing investments in cybersecurity. This is according to the State of Ransomware 2025 report released by cybersecurity firm Sophos on Tuesday.
The study, which surveyed 3,400 IT and cybersecurity professionals across 17 countries, revealed that 46% of organisations paid a ransom—the second-highest figure recorded in six years. Interestingly, over half of these companies were able to negotiate a lower ransom, often by engaging third-party negotiators or security experts.
Although ransom amounts have dipped, they remain significant. Median payments fell from $2 million in 2024 to $1 million in 2025, while the average ransom demand also declined by one-third.
Large enterprises—particularly those earning over $1 billion—continued to face the highest demands, with median ransom figures hitting $5 million. In contrast, smaller companies with under $250 million in revenue typically faced demands below $350,000.
Sophos’ Field Chief Information Security Officer, Chester Wisniewski, noted a positive shift: “Organisations are becoming more aware of ransomware risks and are hiring incident response teams to cut down both payment sizes and recovery times.”
The report also highlighted key weaknesses that continue to expose firms to attacks:
- 40% of ransomware incidents stemmed from unpatched security flaws.
- 63% of victims blamed staffing shortages—large firms cited a lack of expertise, while mid-sized ones struggled with insufficient manpower.
Despite these gaps, companies are making progress in defence:
- 44% of attacks were intercepted before any data was encrypted—the best rate in six years.
- Only 50% of attacks resulted in data encryption, a notable drop from previous years.
- Just 54% relied on backups to restore data, the lowest recovery-by-backup rate in the past six years.
Financial recovery costs have also dropped. On average, the total cost of recovering from a ransomware attack declined from $2.73 million in 2024 to $1.53 million in 2025. Government agencies were hit hardest, paying a median of $2.5 million, while the healthcare sector reported the lowest payouts, around $150,000.
Encouragingly, more organisations are bouncing back faster. Over 50% of affected firms resumed normal operations within a week, compared to just 35% the previous year. Only 18% needed more than a month to recover, a significant improvement from 34% in 2024.
Wisniewski stressed that beating ransomware is possible with the right steps: “It all starts with patching systems, increasing visibility, and investing in proper resources.”
Sophos urged companies to adopt layered security strategies, including regular patching, multi-factor authentication, and managed detection and response (MDR) services.