Veeam Software has released new research showing that nearly seven in ten organisations globally continue to face ransomware attacks, despite ongoing improvements in cyber defences. The findings, published in the company’s latest report titled From Risk to Resilience: Veeam 2025 Ransomware Trends and Proactive Strategies, shed light on how businesses are responding to increasingly complex cyber threats, while revealing significant gaps in recovery readiness.
Based on a global survey of 1,300 organisations, the report explores how Chief Information Security Officers (CISOs), security professionals and IT leaders are dealing with the ever-evolving threat of ransomware. Although the percentage of businesses affected has dropped slightly from 75% to 69% since last year, Veeam warns that this still points to a high level of vulnerability and underlines the urgent need for proactive data resilience strategies.
Low recovery rates highlight weak resilience
Veeam CEO Anand Eswaran highlighted that many organisations continue to fall short when it comes to recovery. “Organisations are improving their defences against cyber-attacks, yet 7 out of 10 still experienced an attack in the past year. And of those attacked, only 10% recovered more than 90% of their data, while 57% recovered less than 50%,” he said. Eswaran added that the threat of ransomware would remain a major challenge beyond 2025 and stressed the importance of moving from reactive defences to proactive data resilience.
The report outlines that successful recovery is often seen in organisations that invest in robust backup and recovery processes, implement proactive security practices, and establish clear incident response plans. These organisations are reported to recover from ransomware incidents up to seven times faster, with significantly reduced data loss.
New threat trends and shifting tactics
The research identifies a number of emerging trends shaping the cyber threat landscape. One of the more concerning developments is the growth in data exfiltration attacks, where threat actors steal sensitive data without encrypting or locking systems. These types of attacks often target organisations with inadequate cybersecurity, exploiting vulnerabilities within hours of detection.
While overall ransom payments are declining – with 36% of affected companies choosing not to pay – regulatory and legal pressures are also shaping organisational behaviour. Of those that did pay a ransom, 82% paid less than the original demand, and 60% paid less than half. Legal frameworks and initiatives like the International Counter Ransomware Initiative are actively discouraging payments, pushing companies instead to invest in recovery readiness.
In 2024, law enforcement efforts disrupted major ransomware groups such as LockBit and BlackCat. However, this has led to a rise in smaller, less predictable attackers. This shift in the ransomware landscape requires continued vigilance and adaptation from security teams.
Gaps in preparation despite high confidence
Another key insight from the report is the discrepancy between perceived and actual preparedness. Around 69% of ransomware victims felt confident in their defences before the attack, but this confidence dropped by over 20% post-incident. Interestingly, CIOs saw a 30% decline in their confidence ratings, while CISOs reported a smaller drop of 15%, suggesting a gap in understanding organisational cyber readiness between different leadership roles.
Although 98% of respondents reported having a ransomware response playbook, fewer than half included critical technical elements such as backup verification (44%) or a defined chain of command (30%). These shortfalls indicate a lack of detailed planning and coordination in many organisations.
The report strongly advocates for a structured approach to cyber resilience, recommending the adoption of the 3-2-1-1-0 backup rule. This rule ensures multiple backup copies across varied media, with at least one offsite and one immutable copy, free from malware, before any recovery is carried out.
As cyber threats continue to grow in sophistication, the report urges companies to align internal departments, increase training, and maintain strong collaboration between IT and security teams, as well as with external partners such as law enforcement and industry groups.
