A growing number of companies are paying cybercriminals after ransomware attacks, as hackers deploy artificial intelligence to make their methods more targeted, sophisticated and damaging.
New research from cybersecurity consultancy S-RM and advisory firm FGS International shows that 24.3 per cent of firms targeted by ransomware attacks paid the demanded ransom in 2025, marking a sharp increase from 14.4 per cent in 2024.
The figures represent the first significant rise in ransom payments after two years of decline. In 2023, about 16.4 per cent of affected organisations paid, while the peak came in 2022 when 27.6 per cent of victims settled with attackers.
Though the latest numbers remain below that high point, the jump suggests cybercriminals are becoming increasingly successful at pressuring companies into handing over money.
Cybersecurity experts say artificial intelligence is rapidly reshaping how ransomware attacks are planned and executed.
Hackers are now able to use AI tools to scan vast amounts of stolen or publicly available data, allowing them to identify the most sensitive information belonging to a target organisation. By focusing on data that could cause the greatest reputational, financial or operational damage if exposed, attackers are able to increase pressure on victims to pay.
Jamie Smith, head of cybersecurity at S-RM, said criminals were increasingly relying on AI to refine their methods.
“Attackers are utilizing AI to search out essentially the most delicate data that would trigger most harm,” he stated. “Threats have gotten much more particular and personalised, designed to maximise the sufferer’s worry and willingness to pay.”
This evolution has made ransomware attacks harder for companies to defend against, particularly for organisations with large volumes of sensitive data.
The report also sheds light on the size of payments being demanded by cybercriminal groups.
According to the study, ransom payments in 2025 ranged from as little as $10,000 to more than $1 million, with the average payment reaching $296,000.
However, cybersecurity specialists warn that the total cost of a ransomware attack often extends far beyond the ransom itself. Businesses frequently face operational disruption, regulatory scrutiny, reputational damage and the expensive process of rebuilding compromised IT systems.
Many organisations also incur costs related to legal advice, customer notifications and forensic investigations after an attack.
The research suggests that industrial and manufacturing companies were particularly likely to pay ransoms over the past 12 months.
This trend appears to be driven by the severe operational disruption ransomware attacks can cause in sectors that rely heavily on continuous production.
Factories, logistics systems and supply chains can grind to a halt if core IT infrastructure becomes inaccessible. In such situations, businesses sometimes view paying a ransom as the fastest way to restore operations and avoid prolonged shutdowns.
One high-profile cyber incident involved Jaguar Land Rover, whose factories around the world were forced to shut down for the entire month of September after its IT systems were compromised.
Major UK retailers were also targeted in 2025, including Marks & Spencer and Co-op. None of the companies has publicly confirmed whether a ransom was paid.
One of the biggest challenges in measuring ransomware activity is that many companies refuse to disclose whether they have paid hackers.
Security specialists say businesses often fear that publicly admitting to ransom payments could make them more attractive targets for future attacks.
Criminal groups may interpret payment as a sign that a company has both the resources and willingness to comply with demands.
As a result, ransomware incidents are often kept confidential, with payments handled through private negotiations involving cybersecurity consultants, insurers and specialist crisis advisers.
While artificial intelligence helps companies automate operations and improve efficiency, experts warn it is also opening up new vulnerabilities that cybercriminals are eager to exploit.
Jenny Davey, co-head of crisis management at FGS International, described the technology as a “double-edged sword”.
“Whereas AI can drive effectivity and efficiency throughout the enterprise, it could possibly additionally open up new assault vectors for cybercriminals to use,” she stated.
The rapid adoption of AI tools across corporate systems means organisations must invest heavily in cybersecurity and staff training to avoid creating new entry points for attackers.
The rise in ransomware payments highlights the growing importance of cyber resilience for businesses across every sector.
Experts say companies must go beyond traditional IT security measures and adopt a broader approach that includes employee awareness, strong data protection practices and detailed incident response plans.
This includes maintaining secure backups, limiting access to sensitive information and regularly testing systems against potential cyber threats.
As ransomware attacks become more sophisticated, and increasingly powered by artificial intelligence, businesses face mounting pressure to strengthen their defences before becoming the next target.

