A survey it commissioned has revealed other notable trends in its user base for 2024 to date.

Based on a recent survey of 1,300 respondents*, 900 of whom had experienced at least one ransomware attack in the past 12 months (involving data encryption and exfiltration), a cybersecurity firm has announced some key findings.

First, the percentage of respondents impacted by ransomware attacks had slightly declined from 75% (2024) to 69%.

Second, of those that had experienced cyberattacks, 10% recovered more than 90% of their data, while 57% recovered less than  50%.

Other findings

Third, coordinated efforts by law enforcement agencies in 2024 that had led to significant disruptions in major ransomware groups seem to have caused the rise of smaller groups and independent attackers in the latest survey. Also:

  • Numbers show an increase in exfiltration-only attacks, when cybercriminals break into an organization’s network but do not encrypt or lock the data. Instead, they focus  on stealing sensitive information and  transferring it outside the organization for rapidly exploitation, often within hours.
  • Survey data (which applies to year 2024), indicates 36% of affected respondents opting not to pay a ransom. Of those that did pay, 82% had cited paying less than the initially demanded amount, and 60% had cited paying less than half that sum. National laws and initiatives such as the International Counter Ransomware Initiative could have spurred this trend.
  • 69% of respondents cited their belief that they were prepared before being attacked, but had their confidence plummet by over 20% after an attack.
  • While 98% of respondents had a ransomware playbook, less than half had key technical  elements included, such as backup verifications and frequencies (44%) and a pre-defined “chain of command”  (30%).
  • After an attack, CIO respondents cited experiencing a 30% decline in their preparedness rating, compared to a 15% drop for CISOs.

According to Anand Eswaran, CEO, Veeam, the firm that commissioned the survey conducted for 2025 publication: “As the nature and timing of attacks evolve, it is essential for every organization to transition from reactive security measures to proactive data resilience strategies… investing in strong recovery solutions, and fostering collaboration across  departments… to significantly reduce the impact of ransomware attacks.”

*Chief Information Security Officers or executives with similar responsibilities, as well as security professionals and IT leaders from across the Americas, Europe, and Australia