On average, businesses across all industries experienced 69 days of operational disruption due to ransomware attacks.

The average duration business operations were affected by ransomware in other industries was 44 days.

The average duration business operations were affected by ransomware in professional services was 85 days.

In 2023, victims paid on average 39.1% of the initial ransom demand.

The U.S. accounts for 60% of all ransomware attacks against financial institutions.

The U.S. and U.K. together represent over 70% of ransomware attacks.

The number of active ransomware groups has exceeded 60 for the first time.

A historic peak of over 1,000 recorded ransomware incidents occurred in February 2025 alone.

Monthly volatility in ransomware attacks increased 50% year-over-year.

41 new ransomware groups have emerged between July 2024 and June 2025.

42 countries experienced their first ransomware incidents between July 2024 and June 2025.

There has been a 25% year-over-year increase in ransomware attacks from July 2024 to June 2025.

The number of active ransomware groups has doubled over the last three years.

The United States remained the primary target, accounting for 47% of known ransomware attacks.

There has been a 46% increase in targeted countries by ransomware over three years.

42 previously unaffected countries experienced their first-ever ransomware attacks in the last 12 months.

The top ten ransomware groups now account for only 50% of attacks, which is down from 69% previously.

UK organisations are now more than three times more likely to recover from backups than pay the ransom.

24% of UK organisations have a formal policy never to pay a ransom. This figure is double the figure from 2023

57% of UK organisations recovered from backups when hit by ransomware.