Cybersecurity News in Asia

Surveyed IT professionals report 78% ransomware targeting: highest ransom payments paid by APAC

By CybersecAsia editors | Tuesday, August 12, 2025, 11:59 AM Asia/Singapore

Global respondents revealed identity system breaches, ransom refusal risks, payment frequency variances, operational delays, and regulatory complaint extortion tactics.

Based on a survey of 1,500 IT and security professionals across North America, the United Kingdom, Europe, and the Asia Pacific region* conducted in the first half of 2025 on ransomware experiences, a cybersecurity firm has shared several key findings with the media.

First, 78% of responding organizations had reported being targeted by ransomware attacks in the past 12 months, with 56% of those attacks succeeding. Among victims of successful attacks, 73% had indicated experiencing multiple attacks, and 31% had reported three or more attacks during the period.

Second, ransomware victim organizations had indicated varying payment rates by region. Those in the Asia Pacific region (APAC) cited the highest payment rate at 85%, followed by those in the UK at 68%, North America at 66%, and Europe at 50%. Additionally, 50% of affected firms from Singapore had indicated paying ransom multiple times.

Other findings

Third, the dominance of identity-related breaches in attacks was analyzed, with 83% of responding organizations globally indicating compromises to identity infrastructure. Those from APAC had indicated a rate of 93%. However, 66% of respondents had cited having a documented Active Directory recovery plan, and 60% had cited maintaining dedicated backup systems specific to Active Directory. Also:

The data analysis showed the ransomware-related business disruptions as job losses, data breaches, and cyber insurance disruptions. Approximately 15% of victim organizations that had paid ransoms had indicated they did not receive usable decryption keys, while 3% had indicated attackers had published or otherwise misused stolen data despite the payment of ransoms.
47% of responding organizations globally cited attackers leveraging threats to file regulatory complaints against their operations as a tactic to extort ransom payments. This tactic was most prevalent in Singapore at 66%, the highest among surveyed countries.
23% of responding organizations cited facing prolonged recovery periods post-attack, down from a figure of 39% from a similar survey in the prior year; and 18% requiring between one week and one month to return to normal operations.
The survey also highlighted challenges related to cybersecurity threats, regulatory compliance, budget constraints, identity system attacks, and legacy systems as top concerns affecting business resilience.

According to Mickey Bresman, CEO, Semperis, the firm that disclosed its survey report data trends: “Every dollar handed to ransomware gangs fuels their criminal economy, incentivizing them to strike again. The only real way to break the ransomware scourge is to invest in resilience, creating an option to not pay ransom.”

*Respondents represented industries such as education, finance, healthcare, government, energy, manufacturing and utilities, IT and telecommunications, and travel and transportation. The methodology disclosed does not provide detailed information such as sampling technique, respondent selection criteria, response rate, or questionnaire design specifics. Additionally, the report does not disclose how data were weighted, controlled for bias, or verified independently. Users should interpret findings as reflective of this particular sample of IT and security professionals at the time of data collection rather than as definitive industry-wide or global generalizations.

Leave a reply Cancel reply

You must be logged in to post a comment.

Voters-draw/RCA-Sponsors

CybersecAsia Voting Placement

Gamification listing or Participate Now

Vote Now -Placement(Google Ads)

Top-Sidebar-banner

Whitepapers

Closing the Gap in Email Security:How To Stop The 7 Most SinisterAI-Powered Phishing Threats
Insider threats continue to be a major cybersecurity risk in 2024. Explore more insights on …Download Whitepaper
2024 Insider Threat Report: Trends, Challenges, and Solutions
Insider threats continue to be a major cybersecurity risk in 2024. Explore more insights on …Download Whitepaper
AI-Powered Cyber Ops: Redefining Cloud Security for 2025
The future of cybersecurity is a perfect storm: AI-driven attacks, cloud expansion, and the convergence …Download Whitepaper
Data Management in the Age of Cloud and AI
In today’s Asia Pacific business environment, organizations are leaning on hybrid multi-cloud infrastructures and advanced …Download Whitepaper

Middle-sidebar-banner

Case Studies

Bangladesh LGED modernizes communication while addressing data security concerns
To meet emerging data localization/privacy regulations, the government engineering agency deploys a secure, unified digital …Read more
What AI worries keeps members of the Association of Certified Fraud Examiners sleepless?
This case study examines how many anti-fraud professionals reported feeling underprepared to counter rising AI-driven …Read more
Meeting the business resilience challenges of digital transformation
Data proves to be key to driving secure and sustainable digital transformation in Southeast Asia.Read more
Upgrading biometric authentication system protects customers in the Philippines: UnionDigital Bank
An improved dual-liveness biometric framework can counter more deepfake threats, ensure compliance, and protect underbanked …Read more

Featured

Web browsers that rank lowest for privacy protection

Featured

The impact of APAC’s AI buildout on cybersecurity in 2026

Featured