The average duration business operations were affected by ransomware in financial services was 33 days.

In 16% of large ransomware claims, attackers leveraged compromised or weak credentials to gain entry.

In 2023, only 11.1% of backups were affected by ransomware.

Before 2023, 62.8% of backups were affected by ransomware.

The U.S. and U.K. together represent over 70% of ransomware attacks.

The U.S. accounts for 60% of all ransomware attacks against financial institutions.

The top ten ransomware groups now account for only 50% of attacks, which is down from 69% previously.

42 countries experienced their first ransomware incidents between July 2024 and June 2025.

41 new ransomware groups have emerged between July 2024 and June 2025.

The United States remained the primary target, accounting for 47% of known ransomware attacks.

There has been a 46% increase in targeted countries by ransomware over three years.

There has been a 25% year-over-year increase in ransomware attacks from July 2024 to June 2025.

The number of active ransomware groups has exceeded 60 for the first time.

Monthly volatility in ransomware attacks increased 50% year-over-year.

42 previously unaffected countries experienced their first-ever ransomware attacks in the last 12 months.

The number of active ransomware groups has doubled over the last three years.

A historic peak of over 1,000 recorded ransomware incidents occurred in February 2025 alone.

UK organisations are now more than three times more likely to recover from backups than pay the ransom.

57% of UK organisations recovered from backups when hit by ransomware.

17% of UK organisations hit by ransomware in the past year paid the ransom. This figure is down from 27% in 2024 and 44% in 2023.