In 2025, 55% of Chief Information Security Officers (CISOs) in the US and UK reported that their organization experienced a cyberattack, ransomware infection, compromise, or data breach that rendered mobile, remote, or hybrid endpoint devices inoperable.

Half of school IT leaders view ransomware as a serious threat to learning continuity in 2025

Nearly 40% of schools feel underprepared for ransomware in 2025

There was a 264% increased surge of ransomware attacks on healthcare organizations.

72% of IT leaders support a ban on ransomware payments, with 51% strongly supporting it.

66% of IT leaders view AI-generated attacks as the most significant threat to data security, surpassing ransomware at 50%.

29% of global respondents ranked ransomware attacks and privacy breaches as their leading cyber concerns.

In 2024, ransomware incidents reported to FinCEN decreased to 1,476 incidents, reflecting $734 million in the aggregate value of reported payments.

The 10 ransomware variants with the highest cumulative payment amounts identified in BSA reports accounted for approximately $1.5 billion in payments.

The manufacturing industry accounted for 456 ransomware incidents totaling approximately $284.6 million in reported payments, while the financial services industry accounted for 432 incidents totaling approximately $365.6 million, and the healthcare industry accounted for 389 incidents totaling approximately $305.4 million.

Between January 2022 and December 2024, FinCEN received 7,395 BSA reports related to 4,194 ransomware incidents, totaling more than $2.1 billion in ransomware payments.

67% of ransomware reports that provided the communication method indicated that threat actors communicated with their intended targets via messages sent over The Onion Router protocol.

Ransomware incidents reported to FinCEN reached an all-time high of 1,512 incidents in 2023, totaling $1.1 billion in payments, marking a 77% increase in total payments year-over-year from 2022 to 2023.

60% of ransomware attacks occurred following an IPO, merger or acquisition, or round of layoffs.

52% of organizations reported being targeted by ransomware attacks on holidays or weekends.

In Q3 2025, INC Ransomware claimed 119 posts on their public leak site.

In Q3 2025, the 'Others' category of ransomware actors decreased from 40% to 16% of cases compared to the previous quarter.

In Q3 2025, INC Ransomware accounted for approximately 8% of Beazley Security incident response cases.

In Q3 2025, Akira, Qilin, and INC Ransomware accounted for 65% of all ransomware cases investigated by Beazley Security.

In Q3 2025, leak site posts increased by 11% from Q2 to Q3.