VendorsSophos
Sophos
Cybersecurity reports and statistics published by Sophos
8 categories4 reports
Research Reports
Reports and publications from Sophos
Recent Statistics & Reports
In 71% of cases where companies paid a smaller ransom than the initial demand, negotiation played a role, either directly or with third-party assistance.
6/24/2025•
RansomwareRansom
State and local government reported the highest median ransom payment at $2.5 million.
6/24/2025•
RansomwareRansomGovernment
Organisations with $250 million revenue or less saw median ransom demands of less than $350,000.
6/24/2025•
RansomwareRansom
For the third year in a row, exploited vulnerabilities were identified as the number one technical root cause of ransomware attacks.
6/24/2025•
RansomwareVulnerabilities
Lack of expertise was the top operational cause of ransomware attacks in organisations with over 3,000 people.
6/24/2025•
Ransomware
Healthcare reported the lowest median ransom payment at $150,000.
6/24/2025•
RansomwareRansomHealthcare
Nearly 50% of companies paid a ransom to recover their data, which is the second highest rate of ransom payment for demands in six years.
6/24/2025•
RansomwareRansom
44% of companies were able to stop the ransomware attack before data was encrypted, marking a six-year high.
6/24/2025•
RansomwareData encryption
Data encryption was at a six-year low, with only half of companies having their data encrypted in a ransomware attack.
6/24/2025•
RansomwareData encryption
Use of remote ransomware increased 141 percent since 2022.
4/16/2025•
RansomwareRemote ransomware
The use of remote ransomware increased 50 percent in 2024 over last year, and 141 percent since 2022.
4/16/2025•
RansomwareRemote ransomware
Ransomware cases accounted for 70 percent of Sophos Incident Response cases for small business customers in 2024.
4/16/2025•
RansomwareSmall business
Obsolete and unpatched hardware and software constitute an ever-growing source of security vulnerabilities.
4/16/2025•
VulnerabilitiesObsolote hardwareUnpatched hardware
The Veeam vulnerability (CVE-2024-40711) and similar documented vulnerabilities played a role in nearly 15 percent of the cases Sophos MDR tracked involving malicious intrusions in 2024.
4/16/2025•
VulnerabilitiesMalicious intrusion
Use of remote ransomware increased 50 percent in 2024 over last year.
4/16/2025•
RansomwareRemote ransomware
Most active STAC campaigns tracked by Sophos MDR in 2024 were ransomware-related.
4/16/2025•
Ransomware
The most frequently seen "EDR killer" in 2024 was EDRSandBlast.
4/16/2025•
EDR
Compromised network edge devices account for a quarter of the initial compromises of businesses in cases that could be confirmed from telemetry.
4/16/2025•
Network edge devicesSecurity incident
Ransomware cases accounted for over 90 percent of Sophos Incident Response cases for midsized organisations (from 500 to 5000 employees) in 2024.
4/16/2025•
RansomwareMiddle market
Ransomware and data theft attempts accounted for nearly 30 percent of all Sophos Managed Detection and Response (MDR) tracked incidents (in which malicious activity of any sort was detected) for small and midsized businesses.
4/16/2025•
RansomwareData theft
Showing 21-40 of 43 results