A new global cybersecurity report released by Sophos has revealed that 46% of organisations worldwide paid a ransom to cybercriminals in 2025, despite increased investments in digital defences and greater awareness of the risks associated with ransomware attacks.
The report, which surveyed thousands of IT and cybersecurity professionals across multiple countries, highlights a persistent challenge in the fight against ransomware. While many companies have improved their cybersecurity infrastructure and response plans, nearly half still chose to meet the financial demands of attackers in an effort to regain access to their encrypted systems or stolen data.
Sophos, a leading UK-based cybersecurity company, stated that the 2025 figures indicate a troubling resilience of ransomware operations globally. The report suggests that many organisations are still vulnerable due to weak network protections, inadequate backups, and unprepared incident response teams. Even companies with mature cybersecurity strategies were not immune, as attackers often deploy increasingly sophisticated tactics to bypass security measures.
The financial impact of ransomware also remains severe. According to the report, the average ransom payment has increased compared to previous years, driven by a rise in targeted attacks against large enterprises and critical infrastructure providers. Sophos noted that some companies paid ransoms exceeding several million dollars, especially in sectors like healthcare, finance, and manufacturing, where operational downtime can result in enormous losses.
In addition to ransom payments, organisations also faced steep recovery costs, including system restoration, forensic investigations, legal expenses, and reputational damage. The total cost of a ransomware attack in 2025 often exceeded the ransom itself, further highlighting the heavy burden on affected firms.
Despite the high incidence of ransom payments, paying the attackers did not always guarantee full data recovery. The report found that in many cases, data was only partially restored, or victims were later re-targeted by the same or affiliated criminal groups. This underscores the risk of negotiating with cybercriminals and reinforces the advice of law enforcement agencies, which generally discourage paying ransoms.
The Sophos report also examined the most common ransomware attack vectors in 2025. Phishing emails, unpatched software vulnerabilities, and compromised Remote Desktop Protocol (RDP) access remained the leading entry points. Additionally, the growing use of artificial intelligence by cybercriminals to craft convincing phishing campaigns and automate network intrusions contributed to the rise in successful attacks.
Regional trends in the report showed that organisations in North America, Europe, and parts of Asia were the most frequently targeted. However, developing regions also experienced a notable uptick in ransomware incidents, as attackers increasingly exploited less protected systems in smaller economies.
In Nigeria and other parts of Africa, cybercrime continues to evolve alongside digital transformation efforts. Experts say the growth of internet connectivity and digital services across the continent has opened new opportunities for both economic development and cybercrime. Nigerian firms, like their global counterparts, have faced rising threats from ransomware, business email compromise, and data breaches, with many organisations struggling to maintain up-to-date defences.
The Sophos report urged companies to adopt a multi-layered cybersecurity strategy, including regular software patching, endpoint protection, network segmentation, and continuous employee training. It also recommended organisations invest in robust backup systems that allow them to restore data independently of the attackers.
Ransomware-as-a-service (RaaS) was identified as a key driver of the continued prevalence of attacks in 2025. This model enables less technically skilled criminals to launch ransomware campaigns using tools developed by more experienced hackers. As a result, the threat landscape has become more crowded and more unpredictable, making defence efforts more complex.
Sophos concluded the report by stressing the need for international cooperation to disrupt ransomware groups, dismantle their infrastructure, and hold perpetrators accountable. Law enforcement actions in 2025, including several arrests and takedowns of ransomware networks, were cited as positive developments, but analysts warned that cybercriminals continue to adapt quickly to enforcement efforts.
With the cyber threat environment evolving rapidly, experts warn that no organisation can consider itself completely safe. The high percentage of firms paying ransoms reflects the urgent need for improved prevention, stronger deterrence, and greater resilience in the face of growing digital threats.