In 2025, 5.9% of ransomware attacks were attributed to Qilin, 5.9% to Clop, 5.0% to Akira, 2.9% to Play, and 2.7% to SafePay.

$1.7 million USD is the average downtime cost per ransomware incident reported by organizations.

Manufacturing has been the #1 targeted industry for ransomware attacks for four consecutive years, according to the IBM X-Force 2025 Threat Intelligence Index.

Qilin was responsible for 248 incidents, Clop for 246 incidents, Akira for 209 incidents, Play for 120 incidents, and SafePay for 115 incidents in 2025.

In 2025, five countries accounted for 1,391 ransomware events, representing nearly 30% of all recorded ransomware attacks.

In 2025, Germany experienced 102 ransomware incidents, representing 2.2% of all attacks.

In 2025, 50% of all ransomware attacks are projected to target critical infrastructure, highlighting the urgent need for enhanced cyber resilience strategies.

50% of senior decision-makers reported concern about AI-generated phishing emails, compared to 40% of junior management

85% of security teams acknowledged that traditional detection methods are not keeping pace with modern threats.

54% of board members and C-level executives believe their organizations are 'very prepared' to face ransomware.

78% of organizations experienced a ransomware attack in the preceding 12 months

37% of financial services organizations suffered significant disruption to business operations due to ransomware attacks.

In 2025, 70.4% of ransomware attacks, totaling 3,310 incidents, were distributed across other regions.

94% of organizations in the energy sector reported a disconnect between leadership and security team perceptions of ransomware readiness.

45% of organizations reported concerns about their ability to detect and respond to threats as quickly as AI-automated attacks can execute.

50% of financial services organizations implemented AI-powered threat detection.

47% of organizations improved detection and monitoring capabilities after ransomware attacks

38% of organizations addressed the specific issue that enabled the ransomware attack

45% of organizations enhanced training and awareness programs following ransomware attacks

51% of organizations increased general cybersecurity investment following ransomware attacks