#1 root cause
Exploited vulnerabilities remain the leading cause of ransomware attacks.
The state of ransomware 2025
Why do organizations fall victim to ransomware? How do they recover? What business and human impacts can you expect?
Read our extensive global report for the answers, including the latest ransomware stats by company size.
Key findings
Headline statistics from 3,400 IT and cybersecurity professionals across 17 countries.
63% fall victim
Organizations fall victim due to a lack of people or skills.
$1.0M average payment
The average ransom payment across surveyed organizations.
$1.5M recovery cost
The average total cost to recover from a ransomware attack.
State of Ransomware 2025 overview (1:19)
What you'll discover
Learn how the cause and consequences of ransomware in thousands of organizations across 17 countries have evolved over the past six years. New research areas in 2025 include:
- The operational factors that led organizations to fall victim to attacks
- Why 53% pay less than the initial ransom demand — and 18% pay more
- The human impact of incidents on IT/cybersecurity teams
How do your ransomware experiences compare?
3,400 professionals from 17 countries detail their real-world ransomware experiences in our sixth annual report.
Based on a vendor-agnostic survey, the report reveals fresh insights into the prevalence, impact, reach, and cost of attacks. It includes:
- Six-year attack trends
- Most common causes of attacks
- Current encryption and data theft success rates
- Ransomware demands vs. payments
- How company size impacts organizations' experiences of ransomware
- Recovery costs and time
Topics covered in the report
Key areas explored in the State of Ransomware 2025.
Why organizations get hit
Which technical and operational factors leave organizations exposed and how they vary by company size.
What happens to the data
How the data encryption rate and data theft success rate has changed year over year.
Ransom negotiations
Why most ransom payments differ from the amount initially demanded.
The cost of ransomware
How overall recovery costs have changed year over year and how they vary by company size.
Root causes of attacks
The significant repercussions that having data encrypted in attacks has on IT/cybersecurity teams.
Defense strategies
Four key recommendations to help you stay ahead of attacks.
Optimize your ransomware defense strategy
Download the report
Discover what's happening on the front line and use the insights to enhance your defenses.
Strengthen your ransomware defenses
Connect with our team to discuss how Sophos can help protect your organization.
Get expert guidance
Our team can help you assess your ransomware readiness and recommend the right combination of Sophos products to protect your organization.
- Free technical consultation
- Custom deployment planning
- Flexible licensing options
Related resources
Explore more threat intelligence and security solutions from Sophos.
Sophos Managed Detection and Response
24/7 threat hunting and incident response from Sophos experts to stop ransomware before damage occurs.
Discover Sophos MDR servicesSophos Endpoint
Advanced protection with anti-ransomware technology, deep learning AI, and exploit prevention.
Explore Sophos EndpointAnti-ransomware toolkit
Educate your workforce and deploy best practices to reduce your ransomware risk.
Get the toolkit