UK faces highest rate of ransomware payment in public sector


New research examining global ransomware trends has revealed that 69% of companies afflicted by ransomware have paid a ransom, with the figure rising to 83% among UK government and public sector organisations.

The findings, published in the 2025 Ransomware Risk Report by Semperis, are based on a study involving nearly 1,500 companies across industries in the US, UK, France, Germany, Spain, Italy, Singapore, Canada, Australia, and New Zealand. The report highlights both the prevalence and increasing sophistication of ransomware attacks, with a particular spotlight on pressures faced by organisations to submit to extortion.

Payment and pressure

The study notes that while there has been a slight global year-on-year decline in the proportion of organisations paying ransoms – down 10 percentage points – rates remain high. Globally, 38% of companies that faced ransomware attacks paid ransoms more than once, and 11% reported paying at least three times in the last year. UK government and public sector organisations are especially affected, with 83% having paid, a figure that comes ahead of an anticipated ban on ransomware payments for these entities.

Attackers have reportedly adopted aggressive tactics to secure payment. The research found that in 40% of incidents, threat actors threatened physical harm to company executives when ransom demands were not met. In 47% of cases, hackers threatened to file regulatory complaints against organisations if incidents were not reported to authorities.

Data erasure and the public release of sensitive information remain common threats, but these new tactics signal an escalation in adversarial strategies. Semperis also found that nearly 20% of organisations that paid a ransom did not regain access to their data, either receiving unusable, corrupt decryption keys or seeing stolen data published regardless of payment.

Prevalence in the UK

According to the report, UK businesses are targeted more frequently by ransomware attacks than those in most other countries, with 84% of organisations surveyed reporting an attack in the past year. Around half (49%) of these attacks were successful in breaching defences.

Half of all respondents worldwide identified cybersecurity threats as the most significant risk to their business resilience. The sophistication of attacks was cited as the primary challenge by 37% of organisations, followed by attacks against identity infrastructure, such as Active Directory, by 32%.

Expert perspectives

“Now is not the time for complacency. True regret isn’t knowing what you should have done; it’s not having done what you knew was needed and had the means to do,” said Chris Inglis, former US National Cyber Director and Strategic Advisor at Semperis.

Companies are warned against regarding the modest decrease in ransom payments as a sign that the threat is diminishing. According to Semperis, ransomware attacks are increasingly coordinated and strategically timed to maximise damage, with attackers often gaining deep access to operational systems.

“Paying ransoms should never be the default option. While some circumstances might leave the company in a non-choice situation, we should acknowledge that it’s a downpayment on the next attack. Every dollar handed to ransomware gangs fuels their criminal economy, incentivising them to strike again. The only real way to break the ransomware scourge is to invest in resilience, creating an option to not pay ransom,” said Mickey Bresman, CEO of Semperis.

Building resilience

The report recommends that organisations assess the security of their partners and supply chain vendors, as vulnerabilities in these relationships can expose them to additional risk. The report also advises regular ransomware response exercises and preparedness for shifting attack tactics.

There is cautious optimism among some cybersecurity experts. Jen Easterly, former Director of the Cybersecurity and Infrastructure Security Agency (CISA), commented on potential positive trends in the fight against ransomware.

“I believe that we can make ransomware a shocking anomaly. And that is the world I want to live in: A world where software vulnerabilities are so rare that they make the nightly news, not the morning meeting. A world where cyberattacks are as infrequent as plane collisions. I do believe we can get there.”


