Sophos: The State of Ransomware 2025 assets.sophos.com/X24WTUEQ/…

For the third year running, victims identified exploited vulnerabilities as the most common technical root cause of attack, used in 32% of incidents.

Multiple operational factors contribute to organizations falling victim to ransomware, with the most common being a lack of expertise, named by 40.2% of victims. It is followed in very close succession by having security gaps that the organization was not aware of, which was a contributing factor in 40.1% of attacks. In third place was lack of people/capacity, which contributed to 39.4% of attacks.

49% of victims paid the ransom to get their data back. While this represents a slight drop from last year’s 56%, it is the second highest ransom payment rate in six years.

*****
Written on