Ransomware attacks continue to pose significant challenges for companies worldwide, despite a modest decline in the percentage of organizations affected. According to a report by Veeam, the figure has decreased from 75% to 69%, yet the risk remains high. The report highlights that organizations are enhancing their preparedness through improved resilience practices and fostering collaboration between IT and security teams. This detail emphasizes the need for proactive cyber resilience strategies to effectively mitigate risks.
Despite advancements in defense mechanisms, the statistics reveal that seven out of ten organizations experienced an attack within the last year. Of those that were attacked, only 10% successfully recovered more than 90% of their data, while a significant 57% managed to recover less than half of their data. This concerning trend underscores the persistent threat of ransomware, which is expected to challenge businesses throughout 2025 and beyond, as stated by Anand Eswaran, CEO of Veeam.
Furthermore, the report notes a disturbing shift toward exfiltration-only attacks, where cybercriminals infiltrate networks to steal sensitive data without resorting to encryption. This tactic underscores the urgency for organizations to adopt robust security measures, especially given the reduced dwell time observed in many attacks, which occur in mere hours. Organizations lacking strong cybersecurity protocols are particularly susceptible as threat actors exploit vulnerabilities rapidly.
Lastly, the report highlights a noteworthy decrease in ransomware payments, with 36% of affected organizations choosing not to pay ransoms. Among those that did, 82% paid less than the initial ransom amount proposed by attackers, illustrating a growing skepticism about the trustworthiness of these criminals. In addition, evolving regulations and legal frameworks are actively discouraging ransom payments as part of global initiatives aimed at strengthening defenses against such cyber threats. The concerted effort towards enhancing cybersecurity illustrates a shift towards prioritizing data resilience and proactive strategies, with organizations encouraged to implement the 3-2-1-1-0 rule for effective data management.