Veeam announced the findings of their latest research, From Risk to Resilience: Veeam 2025 Ransomware Trends and Proactive Strategies Report, revealing alarming insights into the evolving threat landscape of ransomware attacks. With cyber threats becoming more sophisticated and frequent, the report underlines the need for organisations to prioritise their defences, mitigate risks, and recover effectively. To help address these persistent cyber threats, the report shares several actionable steps organisations can take to bolster defence, mitigate risk and recover more quickly, as well as the best practices of companies able to successfully recover. Veeam surveyed 1,300 organisations to gauge how Chief Information Security Officers (CISOs), security professionals, and IT leaders are recovering from cyber threats.
Ransomware attacks are becoming more refined and pervasive, posing significant challenges to organisations globally. The Veeam report reveals that while the percentage of companies impacted by ransomware attacks has slightly declined from 75% to 69%, the threat remains substantial. This decrease is attributed to improved preparation and resilience practices, as well as increased collaboration between IT and security teams. However, as ransomware attacks from both established groups and “lone wolf” actors proliferate, organisations must adopt proactive cyber resilience strategies to mitigate risks and recover more swiftly and effectively from incidents.
“Organisations are improving their defences against cyberattacks, yet 7 out of 10 still experienced an attack in the past year. And of those attacked, only 10% recovered more than 90% of their data, while 57% recovered less than 50%. Our latest findings clearly indicate that the threat of ransomware will continue to challenge organisations throughout 2025 and beyond,” said Anand Eswaran, CEO of Veeam. “As the nature and timing of attacks evolve, it is essential for every organisation to transition from reactive security measures to proactive data resilience strategies. By adopting a proactive security approach, investing in strong recovery solutions, and fostering collaboration across departments, organisations can significantly reduce the impact of ransomware attacks.”
Key Findings and Trends to Watch in 2025
- Law Enforcement is Forcing Threat Actors to Adapt: In 2024, coordinated efforts by law enforcement agencies led to significant disruptions in major ransomware groups, such as LockBit and BlackCat. However, smaller groups and independent attackers have been on the rise, necessitating ongoing vigilance.
- Data Exfiltration Attacks Grow: The report notes a troubling trend toward exfiltration-only attacks – when cybercriminals break into an organisation’s network but do not encrypt or lock the data. Instead, they focus on stealing sensitive information—like personal data, financial records, or intellectual property—and transferring it outside the organisation. Organisations with weak cybersecurity measures are particularly vulnerable, as threat actors rapidly exploit vulnerabilities, often within hours.
- Ransomware Payments Are Decreasing: The total value of ransomware payments fell in 2024, with 36% of affected organisations opting not to pay a ransom. Of those that did pay, 82% paid less than the initial ransom and 60% paid less than half that sum, emphasising the importance of robust recovery strategies.
- Legal Consequences of Ransom Payments are Emerging: New regulations and legal frameworks are discouraging ransom payments, with initiatives like the International Counter Ransomware Initiative urging organisations to strengthen their defences rather than capitulate to attackers.
- Collaboration Reinforces Resilience Against Ransomware: Enhanced communication between IT operations and security teams, along with partnerships with law enforcement and industry players, has proven vital in fortifying defences against ransomware.
- Budgets Rise for Security and Recovery, but More Is Needed: While organisations are allocating more resources to security and recovery efforts, there remains a significant gap in investment relative to the growing threat landscape.
Organisations that prioritise data resilience can recover from attacks up to seven times faster and experience significantly lower data loss rates. These successful organisations share several common attributes, including robust backup and recovery strategies, proactive security measures, and effective incident response plans. The report emphasises the importance of shifting from reactive security to proactive cyber resilience strategies to meet the challenges of ransomware. Findings from the report also encourage organisations to adopt the 3-2-1-1-0 data resilience rule, ensuring that backups are immutable and free from malware before restoration.
Pre-attack confidence among ransomware victims often doesn’t reflect reality, as 69% believed they were prepared before being attacked, while their confidence plummeted by over 20% afterwards, revealing significant gaps in planning. While 98% of respondents had a ransomware playbook, fewer than half of organisations included key technical elements, such as backup verifications and frequencies (44%) and a pre-defined “chain of command” (30%). Notably, CIOs experienced a 30% decline in their preparedness rating post-attack, compared to a 15% drop for CISOs, suggesting that CISOs have a clearer grasp of their organisation’s security posture. These findings underscore the importance of fostering organisational alignment in cyber resilience and preparation, emphasising the need for regular training and exercises across all teams to ensure a coordinated response during and after an attack.
The full Veeam 2025 Ransomware Trends and Proactive Strategies Report is available now for download at https://go.veeam.com/ransomware-trends. For more information on Veeam, visit https://www.veeam.com.