Skip to main content
VendorsSophos

Sophos

Cybersecurity reports and statistics published by Sophos

8 categories5 reports

Recent Statistics & Reports

The median ransom payment was $1 million.

6/24/2025
RansomwareRansom

Companies with over $1 billion in revenue faced a median ransom demand of $5 million.

6/24/2025
RansomwareRansom

Nearly 50% of companies paid a ransom to recover their data, which is the second highest rate of ransom payment for demands in six years.

6/24/2025
RansomwareRansom

State and local government reported the highest median ransom payment at $2.5 million.

6/24/2025
RansomwareRansomGovernment

Data encryption was at a six-year low, with only half of companies having their data encrypted in a ransomware attack.

6/24/2025
RansomwareData encryption

For the third year in a row, exploited vulnerabilities were identified as the number one technical root cause of ransomware attacks.

6/24/2025
RansomwareVulnerabilities

The most frequently seen "EDR killer" in 2024 was EDRSandBlast.

4/16/2025
EDR

The average price of "junk gun" ransomware obtained from an underground marketplace is $375.

4/16/2025
Ransomware

EDRSandBlast variants were detected in waves of attempted ransomware attacks throughout 2024, including a dramatic peak around the US Thanksgiving holiday in November

4/16/2025
RansomwareHoliday

Ransomware cases accounted for 70 percent of Sophos Incident Response cases for small business customers in 2024.

4/16/2025
RansomwareSmall business

Over a third of all incidents involving intrusion into smaller organisations have systems on the network edge as the initial point of compromise.

4/16/2025
Malicious intrusionSmall businessNetwork edge devices

Ransomware cases accounted for over 90 percent of Sophos Incident Response cases for midsized organisations (from 500 to 5000 employees) in 2024.

4/16/2025
RansomwareMiddle market

Obsolete and unpatched hardware and software constitute an ever-growing source of security vulnerabilities.

4/16/2025
VulnerabilitiesObsolote hardwareUnpatched hardware

Use of remote ransomware increased 141 percent since 2022.

4/16/2025
RansomwareRemote ransomware

The use of remote ransomware increased 50 percent in 2024 over last year, and 141 percent since 2022.

4/16/2025
RansomwareRemote ransomware

The Veeam vulnerability (CVE-2024-40711) and similar documented vulnerabilities played a role in nearly 15 percent of the cases Sophos MDR tracked involving malicious intrusions in 2024.

4/16/2025
VulnerabilitiesMalicious intrusion

Most active STAC campaigns tracked by Sophos MDR in 2024 were ransomware-related.

4/16/2025
Ransomware

Use of remote ransomware increased 50 percent in 2024 over last year.

4/16/2025
RansomwareRemote ransomware

Compromised network edge devices account for a quarter of the initial compromises of businesses in cases that could be confirmed from telemetry.

4/16/2025
Network edge devicesSecurity incident

Ransomware and data theft attempts accounted for nearly 30 percent of all Sophos Managed Detection and Response (MDR) tracked incidents (in which malicious activity of any sort was detected) for small and midsized businesses.

4/16/2025
RansomwareData theft

Showing 41-60 of 60 results