Ransomware is an escalating threat, powered by its ability to evolve and adapt to a changing security landscape. Organizations around the world continue to fall victim to ransomware, often repeatedly, and the impact of these attacks can be devastating.
We set out to discover how organizations worldwide experienced ransomware in the last 12 months and what this means for security. The findings, detailed in the new Ransomware Insights Report 2025, shows that complex and fragmented security defenses are leaving organizations immensely vulnerable to attack, exposing security gaps that attackers are quick to exploit.
Too many victims are struggling with an unmanageable number of security tools, while under-investing in key areas that could keep them safe. And too many victims continue to feel they have no choice but to give in to attackers’ demands for payments, despite a significant proportion never recovering all their encrypted data.
The report is based on the insight and experience of 2,000 senior IT and security decision-makers in the U.S., Europe, and Asia-Pacific. The research was undertaken by Barracuda with Vanson Bourne.
Key findings from the research
- 31% of ransomware victims were hit twice or more in the last 12 months. Of these, 74% say they are juggling too many security tools, and 61% say their tools don’t integrate — disrupting visibility and creating blind spots where attackers can hide.
- Many ransomware victims have insufficient coverage in key security areas. For example, fewer than half (47%) of the ransomware victims had implemented an email security solution, compared to 59% of non-victims. This matters because email is a primary attack vector for ransomware: 71% of organizations that suffered an email breach were also hit with ransomware.
- Ransomware attackers have a one-in-three chance of payout. 32% of ransomware victims paid the attackers to recover or restore data, rising to 37% among organizations affected twice or more.
- 41% of those who paid a ransom failed to recover all their data. There can be several reasons for this. The decryption tools provided by the attackers may not work, or they’ve only shared a partial key. Files can be damaged during the encryption and decryption processes, and sometimes the attackers take the ransom and don’t provide any decryption tools.
- Ransomware attacks are multidimensional. Just under a quarter (24%) of the ransomware incidents experienced by respondents involved data encryption. A significant number involved the attackers stealing (27%) and publishing data (also 27%), infecting devices with other malicious payloads (29%), installing backdoors for persistence (21%), and more.
- The impact crater of a successful ransomware attack is expanding, from reputational harm (experienced by 41%) to tangible business impact such as loss of new business opportunities (25%) and payment pressure tactics that include threatening partners, shareholders and customers (22%), and employees (16%).
Ransomware resilience
Ransomware continues to be a persistent and lucrative threat in 2025. It ruthlessly exploits security complexity and coverage gaps to carry out multidimensional attacks that cause maximum disruption and financial gain.
Effective protection involves not only preventing successful attacks but also detecting, responding to, and recovering from incidents. It is ultimately about achieving resilience against ransomware.
Organizations need integrated and multilayered security that protects their ever-expanding attack surface from cyberthreats. This should encompass effective data protection and backups, robust access and authentication controls, regular patching, and cybersecurity awareness training. It must also include network segmentation, advanced email and application security, and a regularly updated and rehearsed incident response plan.
Most of all, organizations need to reduce complexity, fragmentation and security sprawl with a unified approach centered on a strong integrated security platform — one that ensures the lights are always on and leaves attackers with nowhere to hide.
Methodology
Barracuda and Vanson Bourne surveyed 2,000 senior security decision-makers in IT and business roles in organizations with between 50 and 2,000 employees from a broad range of industries in the U.S., UK, France, DACH (Germany, Austria, Switzerland), Benelux (Belgium, the Netherlands, Luxembourg), the Nordics (Denmark, Finland, Norway, Sweden), Australia, India and Japan. The fieldwork was conducted in April and May 2025.
For further information and research findings, get the report.
This article was originally published at Barracuda Blog.
Photo: instaphotos / Shutterstock
