Global respondents revealed identity system breaches, ransom refusal risks, payment frequency variances, operational delays, and regulatory complaint extortion tactics.

Based on a survey of 1,500 IT and security professionals across North America, the United Kingdom, Europe, and the Asia Pacific region* conducted in the first half of 2025 on ransomware experiences, a cybersecurity firm has shared several key findings with the media.

First, 78% of responding organizations had reported being targeted by ransomware attacks in the past 12 months, with 56% of those attacks succeeding. Among victims of successful attacks, 73% had indicated experiencing multiple attacks, and 31% had reported three or more attacks during the period.

Second, ransomware victim organizations had indicated varying payment rates by region. Those in the Asia Pacific region (APAC) cited the highest payment rate at 85%, followed by those in the UK at 68%, North America at 66%, and Europe at 50%. Additionally, 50% of affected firms from Singapore had indicated paying ransom multiple times.

Other findings

Third, the dominance of identity-related breaches in attacks was analyzed, with 83% of responding organizations globally indicating compromises to identity infrastructure. Those from APAC had indicated a rate of 93%. However, 66% of respondents had cited having a documented Active Directory recovery plan, and 60% had cited maintaining dedicated backup systems specific to Active Directory. Also:

  • The data analysis showed the ransomware-related business disruptions as  job losses, data breaches, and cyber insurance disruptions. Approximately 15% of victim organizations that had paid ransoms had indicated they did not receive usable decryption keys, while 3% had indicated attackers had published or otherwise misused stolen data despite the payment of ransoms.
  • 47% of responding organizations globally cited attackers leveraging threats to file regulatory complaints against their operations as a tactic to extort ransom payments. This tactic was most prevalent in Singapore at 66%, the highest among surveyed countries.
  • 23% of responding organizations cited facing prolonged recovery periods post-attack, down from a figure of 39% from a similar survey in the prior year; and 18% requiring between one week and one month to return to normal operations.
  • The survey also highlighted challenges related to cybersecurity threats, regulatory compliance, budget constraints, identity system attacks, and legacy systems as top concerns affecting business resilience.

According to Mickey Bresman, CEO, Semperis, the firm that disclosed its survey report data trends: “Every dollar handed to ransomware gangs fuels their criminal economy, incentivizing them to strike again. The only real way to break the ransomware scourge is to invest in resilience, creating an option to not pay ransom.”

*Respondents represented industries such as education, finance, healthcare, government, energy, manufacturing and utilities, IT and telecommunications, and travel and transportation. The methodology disclosed does not provide detailed information such as sampling technique, respondent selection criteria, response rate, or questionnaire design specifics. Additionally, the report does not disclose how data were weighted, controlled for bias, or verified independently. Users should interpret findings as reflective of this particular sample of IT and security professionals at the time of data collection rather than as definitive industry-wide or global generalizations.