57% of the organisations surveyed were affected by ransomware.

61% of repeat ransomware victims say their security tools do not integrate.

37% of organisations affected twice or more by ransomware paid the attackers.

21% of ransomware incidents involved installing backdoors for persistence.

41% of successful ransomware attacks resulted in reputational harm.

16% of successful ransomware attacks involved payment pressure tactics threatening employees.

31% of ransomware victims were affected multiple times in the last 12 months.

74% of repeat ransomware victims state they are juggling too many security tools.

65% of organisations in local government were affected by ransomware.

Ransomware attackers have a one-in-three chance of payout.

32% of ransomware victims paid the attackers to recover or restore data.

67% of organisations in healthcare were affected by ransomware.

22% of successful ransomware attacks involved payment pressure tactics threatening partners, shareholders, and customers.

25% of successful ransomware attacks led to a loss of new business opportunities.

SCATTERED SPIDER moved from initial access to encryption by deploying ransomware in under 24 hours in one observed case

Ransomware rose 36% year over year.

Ransomware attacks are averaging 20 incidents per day.

3,662 ransomware victims were tracked globally by KELA in the first half of 2025. This represents a 54% increase year-over-year (YoY) compared to the first half of 2024, as KELA tracked a total of 5,230 victims in all of 2024.

There were 3,649 documented ransomware attacks in H1 2025.

Ransomware attacks grew in frequency to 608 per month, or roughly 20 per day.