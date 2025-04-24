With cyber threats becoming more sophisticated and more frequent, organisations are under pressure to prioritise their defenses, mitigate risks and recover effectively.

This is the overriding message from Veeam Software’s latest research, From Risk to Resilience: Veeam 2025 Ransomware Trends and Proactive Strategies Report, which shares actionable steps organisations can take to bolster defense, mitigate risk and recover more quickly, as well as the best practices of companies able to successfully recover.

Veeam surveyed 1 300 organisations to gauge how chief information security officers (CISOs), security professionals and IT leaders are recovering from cyber-threats.

Ransomware attacks are becoming more refined and pervasive, posing significant challenges to organizations globally. The Veeam report reveals that, while the percentage of companies impacted by ransomware attacks has slightly declined from 75% to 69%, the threat remains substantial.

This decrease is attributed to improved preparation and resilience practices, as well as increased collaboration between IT and security teams.

However, as ransomware attacks from both established groups and “lone wolf” actors proliferate, organisations must adopt proactive cyber resilience strategies to mitigate risks and recover more swiftly and effectively from incidents.

“Organisations are improving their defenses against cyber-attacks, yet seven out of 10 still experienced an attack in the past year. And of those attacked, only 10% recovered more than 90% of their data, while 57% recovered less than 50%. Our latest findings clearly indicate that the threat of ransomware will continue to challenge organisations throughout 2025 and beyond,” says Anand Eswaran, CEO of Veeam.

“As the nature and timing of attacks evolve, it is essential for every organisation to transition from reactive security measures to proactive data resilience strategies. By adopting a proactive security approach, investing in strong recovery solutions, and fostering collaboration across departments, organisations can significantly reduce the impact of ransomware attacks.”

Key research findings and trends to watch in 2025 include:

Law enforcement is forcing threat actors to adapt: In 2024, co-ordinated efforts by law enforcement agencies led to significant disruptions in major ransomware groups, such as LockBit and BlackCat. However, the rise of smaller groups and independent attackers has increased, necessitating ongoing vigilance.

In 2024, co-ordinated efforts by law enforcement agencies led to significant disruptions in major ransomware groups, such as LockBit and BlackCat. However, the rise of smaller groups and independent attackers has increased, necessitating ongoing vigilance. Data exfiltration attacks grow : The report notes a troubling trend toward exfiltration-only attacks – when cybercriminals break into an organisation’s network but do not encrypt or lock the data. Instead, they focus on stealing sensitive information — like personal data, financial records, or intellectual property — and transferring it outside the organization. Organisations with weak cybersecurity measures are particularly vulnerable, as threat actors rapidly exploit vulnerabilities, often within hours.

: The report notes a troubling trend toward exfiltration-only attacks – when cybercriminals break into an organisation’s network but do not encrypt or lock the data. Instead, they focus on stealing sensitive information — like personal data, financial records, or intellectual property — and transferring it outside the organization. Organisations with weak cybersecurity measures are particularly vulnerable, as threat actors rapidly exploit vulnerabilities, often within hours. Ransomware payments are decreasing : The total value of ransomware payments fell in 2024, with 36% of affected organisations opting not to pay a ransom. Of those that did pay, 82% paid less than the initial ransom and 60% paid less than half that sum, emphasising the importance of robust recovery strategies.

: The total value of ransomware payments fell in 2024, with 36% of affected organisations opting not to pay a ransom. Of those that did pay, 82% paid less than the initial ransom and 60% paid less than half that sum, emphasising the importance of robust recovery strategies. Legal consequences of ransom payments are emerging: New regulations and legal frameworks are discouraging ransom payments, with initiatives like the International Counter Ransomware Initiative urging organisations to strengthen their defenses rather than capitulate to attackers.

New regulations and legal frameworks are discouraging ransom payments, with initiatives like the International Counter Ransomware Initiative urging organisations to strengthen their defenses rather than capitulate to attackers. Collaboration reinforces resilience against ransomware : Enhanced communication between IT operations and security teams, along with partnerships with law enforcement and industry players, has proven vital in fortifying defenses against ransomware.

: Enhanced communication between IT operations and security teams, along with partnerships with law enforcement and industry players, has proven vital in fortifying defenses against ransomware. Budgets for security and recovery increase, but more Is needed: While organisations are allocating more resources to security and recovery efforts, there remains a significant gap in investment relative to the growing threat landscape.

Organisations that prioritise data resilience can recover from attacks up to seven times faster and experience significantly lower data loss rates. These successful organisations share several common attributes, including robust backup and recovery strategies, proactive security measures, and effective incident response plans.

The report emphasizes the importance of shifting from reactive security to proactive cyber resilience strategies to meet the challenges of ransomware. Findings from the report also encouraged organizations to adopt the 3-2-1-1-0 data resilience rule, ensuring that backups are immutable and free from malware before restoration.

Pre-attack confidence among ransomware victims often doesn’t reflect reality, as 69% believed they were prepared before being attacked, while their confidence plummeted by over 20% afterward, revealing significant gaps in planning.

While 98% of respondents had a ransomware playbook, fewer than half of organisations had included key technical elements, such as backup verifications and frequencies (44%) and a pre-defined “chain of command” (30%).

Notably, CIOs experienced a 30% decline in their preparedness rating post-attack, compared to a 15% drop for CISOs, suggesting that CISOs have a clearer grasp of their organisation’s security posture.

These findings underscore the importance of fostering organisational alignment in cyber resilience and preparation, emphasising the need for regular training and exercises across all teams to ensure a co-ordinated response during and after an attack.