50% of law firms cited phishing as the top cybersecurity concern, a new category this year, surpassing ransomware and user behavior.

16% of successful ransomware attacks involved payment pressure tactics threatening employees.

27% of ransomware incidents involved attackers stealing data.

41% of those who paid a ransom failed to recover all their data.

22% of successful ransomware attacks involved payment pressure tactics threatening partners, shareholders, and customers.

67% of organisations in healthcare were affected by ransomware.

59% of ransomware non-victims had implemented an email security solution.

Ransomware attackers have a one-in-three chance of payout.

32% of ransomware victims paid the attackers to recover or restore data.

Just under a quarter (24%) of the ransomware incidents experienced by respondents involved data encryption.

61% of repeat ransomware victims say their security tools do not integrate.

74% of repeat ransomware victims state they are juggling too many security tools.

27% of ransomware incidents involved attackers publishing data.

57% of the organisations surveyed were affected by ransomware.

Ransomware attacks are averaging 20 incidents per day.

There were 3,649 documented ransomware attacks in H1 2025.

The U.S. was the top ransomware target, accounting for 53% of all ransomware incidents, in H1 2025.

3,662 ransomware victims were tracked globally by KELA in the first half of 2025. This represents a 54% increase year-over-year (YoY) compared to the first half of 2024, as KELA tracked a total of 5,230 victims in all of 2024.

Ransomware attacks grew in frequency to 608 per month, or roughly 20 per day.

Clop ransomware experienced a 2,300% increase in victim claims, which was driven by the exploitation of a vulnerability in Cleo software.