2,000 IT and security decision-makers were polled to revealed ransomware attack rates, repeat victim impact, and data recovery challenges experienced.

Based on a April – May 2025 survey of 2,000 IT and security decision-makers* across North America, Europe, and Asia-Pacific on the experience and impact of ransomware incidents in the prior 12 months, a cybersecurity firm has shared some data trends findings on attack prevalence, patterns, and organizational responses  with the media.

First, 57% of surveyed organizations had indicated that they had experienced at least one successful ransomware attack in the past year. Of these, 38% had indicated being affected twice or more. Sector data showed that 67% of healthcare respondents and 65% of local government respondents had indicated being affected.

Second, 71% of respondents who had experienced an email breach in the same period had also indicated that they had been hit by ransomware.

Other findings

Third, 69% of respondents that were repeat victims had indicated that they were juggling too many different security tools, and 62% of these victims had indicated that their security tools could not integrate with one another. Also:

  • 32% of all ransomware victims in the survey had indicated that they had paid a ransom to recover or restore data. This proportion was 37% among those that had been affected twice or more. Within the Asia-Pacific data subset, 34% of respondents had indicated paying a ransom.
  • 34% of ransom-paying respondents had indicated that they did not recover all their data paying up. 65% of those affected had indicated that they had restored their data from backups.
  • 24% of ransomware incidents (according to activity-based responses, had involved data encryption; 27% involved data theft; and 29% involved installation of additional malicious payloads. Other cited attacker activities included infecting multiple endpoints (26%), lateral movement across networks (25%), embedding backdoors or persistence mechanisms (21%), wiping backups (19%), and deleting shadow copies of files (19%).
  • 27% of respondents that were victims had indicated that attackers had exposed or published stolen data. Pressure tactics reported by respondents included threats to partners, shareholders, or customers (22%), threats to alert authorities or the press (21%), and threats to staff (16%).
  • The most frequently cited business impact was brand and company reputation damage (41%), followed by downtime and operational disruption (38%), recovery costs (36%), and loss of sensitive data (34%). One in four respondents in the victims group had indicated losing existing customers (25%) and an equal proportion had indicated losing new business opportunities (25%).

According to Mark Lukie, Director of Solution Architects (Asia-Pacific), Barracuda, the firm that shared its survey findings, respondents in that region had indicated that “fragmented security environments and complex IT infrastructures” had contributed to “blind spots for attackers to exploit”. He also noted that organizations need to “prioritize visibility, integration, and proactive defense measures — including strong backup strategies.”

*senior IT and security decision‑makers in organizations with 50 to 2,000 employees spanning multiple industries in the U.S., UK, France, Germany, Austria, Switzerland, Belgium, the Netherlands, Luxembourg, Denmark, Finland, Norway, Sweden, Australia, India, and Japan. No other critical methodological details were supplied.