- Ransomware attacks affected 24% of organisations in 2025, up from 18.6% in 2024
- 77% of CISOs see AI-powered phishing as a real and emerging threat
- Only 46% of organisations have ransomware insurance, down from 54.6% in 2024
HANOVER, Germany, Oct. 1, 2025 /PRNewswire/ -- New research from leading cybersecurity provider Hornetsecurity has found that a quarter (24%) of businesses reported being victims of a ransomware attack in 2025, a sharp increase from 18.6% in 2024. The results from Hornetsecurity's annual Ransomware Impact Report mark the end of a multi-year decline in attacks.
The rise comes as cybercriminals continue to diversify their methods and leverage new technologies to bypass defences. While traditional phishing remains the leading attack vector in nearly half of attacks (46%), the report finds that a growing reliance on compromised endpoints (26%) and stolen credentials (25%) are increasingly common access vectors.
While attacks are increasing, the number of organisations investing in ransomware insurance is down year on year, with less than half of all businesses (46%) making sure they are insured against these attacks, compared to 54.6% last year.
Commenting on the findings, Daniel Hofmann, CEO of Hornetsecurity, said: "Following a multi-year decline in ransomware attacks, 2025 marks a critical turning point for organisations to strengthen their security against faster, smarter, and AI-automated ransomware attacks.
"It is concerning to see a reduction in businesses investing in ransomware insurance while attacks are on the rise. It's worth noting, however, that it has become more difficult than ever for businesses to procure insurance for these situations. While hackers continue to use a wider variety of tactics, it's clear that organisations must increase their security provisions if they are to succeed against these nefarious actors. For example, next-gen email security solutions are effective in keeping threats from reaching inboxes, while security awareness solutions help end-users spot more advanced threats like social engineering. Pair those with immutable backup storage and you have an effective strategy for guarding critical data against ransomware. These tools are effective whether the business is insured for ransomware or not."
Businesses are reacting to the growing threat of AI-powered attacks
The study showed an overall reduction in phishing attacks over the past 12 months (52.3% in 2024 vs 46% in 2025). However, the increase in the use of AI-generated phishing was identified by over three quarters of CISOs (77%) as a growing threat.
Despite new and emerging challenges, preparations and improvements in recovery capabilities appear to be paying off, with the proportion of victims paying ransoms at 13% compared to 16.3% in 2024. Improved preparedness has become standard, as 82% of organisations surveyed now have a Disaster Recovery Plan, and 62% utilise immutable backups.
Check-box training against AI-phishing is ineffective
While the research showed positive actions from businesses when it came to certain cybersecurity provisions, cybersecurity training is shown to still be lacking. While three quarters (74%) of organisations reported offering end-user training against ransomware attacks, over two fifths of security leaders (42%) admitted that their training was insufficient or ineffective.
The report discusses the growing issue among small and mid-sized businesses (SMBs) of "false compliance". This occurs when organisations meet a superficial level of cybersecurity awareness, often through check-box training, but lack adequate follow-up. This contributes to ongoing human error, particularly when sophisticated phishing and social engineering tactics are employed.
Leadership & Governance: Still Catching Up
According to Proofpoint (that recently announced its planned acquisition of Hornetsecurity), human error remains the dominant source of incidents: 66% of CISOs identify the human factor as the primary attack vector, particularly in terms of data leaks and internal compromise. Although training is improving, it often remains superficial (42% consider it inadequate). These findings corroborate Hornetsecurity's conclusions on the limitations of "compliance tick-box" programmes.
Hofmann continued: "To be effective, cybersecurity awareness training must be ongoing, relevant, and tailored to each individual, which is only realistically possible if it is automated by a next-gen, AI-powered solution such as our Security Awareness Service."
He added: "While it is heartening to see a decrease in ransom payments, there can be no room for complacency. The new standard for businesses in fighting against ransomware is to deploy a comprehensive cyber-defence which not only protects against initial breaches, but also acts to prevent future threats, and ensures resilient systems capable of swift recovery if incidents do occur."
For more information about Hornetsecurity's 2025 Ransomware Report, click here.
About the survey
Results gathered from a global quantitative survey of 386 IT professionals, conducted by Hornetsecurity in August 2025.
About Hornetsecurity
Hornetsecurity is a leading global provider of next-generation cloud-based security, compliance, backup, and security awareness solutions that help companies and organisations of all sizes around the world. Its flagship product, 365 Total Protection, is the most comprehensive cloud security solution for Microsoft 365 on the market. Driven by innovation and cybersecurity excellence, Hornetsecurity is building a safer digital future and sustainable security cultures with its award-winning portfolio. Hornetsecurity operates in more than 120 countries through its international distribution network of 12,000+ channel partners and MSPs. Its premium services are used by more than 125,000 customers. For more information, visit www.hornetsecurity.com.
Image - https://mma.prnewswire.com/media/2782872/Hornetsecurity_1.jpg
Image - https://mma.prnewswire.com/media/2782873/Hornetsecurity_2.jpg
Logo - https://mma.prnewswire.com/media/2033076/5532271/Hornetsecurity_Logo.jpg
View original content:https://www.prnewswire.co.uk/news-releases/first-increase-in-ransomware-attacks-in-three-years-driven-by-new-technology-302572278.html
