A growing number of businesses are succumbing to cybercriminals after ransomware attacks, with research indicating that 24.3 percent of companies targeted paid their attackers in 2025. This marks a significant rise from the 14.4 percent reported in 2024, reversing a trend of two consecutive years of decline in ransom payments. In 2023, approximately 16.4 percent of affected organizations opted to pay, while the figure peaked in 2022 at 27.6 percent.
This latest increase suggests that cybercriminals are becoming increasingly adept at coercing companies into complying with ransom demands. Cybersecurity experts attribute part of this evolution to the deployment of artificial intelligence by hackers, which has transformed the planning and execution of ransomware attacks.
Using AI tools, cybercriminals can analyze extensive datasets—both stolen and publicly available—to pinpoint the most sensitive information within a target organization. By zeroing in on data that poses the highest risk of causing reputational, financial, or operational harm if exposed, hackers can intensify the pressure on victims, compelling them to pay.
Jamie Smith, head of cybersecurity at S-RM, emphasized the role of AI in refining attack strategies. “Attackers are using AI to find the most sensitive information that could cause maximum damage,” he noted. “Threats are becoming far more specific and personalized, designed to maximize the victim’s fear and willingness to pay.”
This shift has made ransomware attacks increasingly challenging for organizations, particularly those with large volumes of sensitive data. The report also highlights the varying scale of payments demanded by cybercriminal groups, revealing that in 2025, ransom payments ranged from as low as $10,000 to more than $1 million, with the average payment standing at $296,000.
However, cybersecurity specialists caution that the costs associated with a ransomware attack often significantly exceed the ransom itself. Companies frequently grapple with operational disruptions, regulatory scrutiny, reputational damage, and the expensive task of rebuilding compromised IT systems. Additional expenses often arise from legal consultations, customer notifications, and forensic investigations following an attack.
The research indicates that organizations within the industrial and manufacturing sectors were particularly inclined to pay ransoms over the past year. This trend appears to stem from the severe operational disruptions ransomware attacks can inflict on industries that depend on continuous production. When critical IT infrastructure becomes inaccessible, businesses may perceive paying a ransom as the quickest route to resume operations, thereby avoiding prolonged shutdowns.
A notable example of this risk was the cyber incident involving Jaguar Land Rover, which led to the shutdown of its factories worldwide for the entire month of September after its IT systems were compromised. Other major UK retailers, such as Marks & Spencer and Co-op, were also targeted in 2025, although none have publicly confirmed whether they paid a ransom.
One of the significant hurdles in assessing ransomware activity is the reticence among many companies to disclose whether they have paid hackers. Security experts argue that businesses often fear that admitting to ransom payments could render them more appealing targets for future attacks. Criminal groups may interpret such payments as indications that a company possesses both the resources and willingness to comply with demands.
Consequently, many ransomware incidents are kept confidential, with payments typically managed through private negotiations involving cybersecurity consultants, insurers, and crisis management specialists. While AI is enhancing operational efficiencies for companies, experts warn that it also introduces new vulnerabilities that cybercriminals are eager to exploit.
Jenny Davey, co-head of crisis management at FGS Global, described the dual nature of AI technology as a “double-edged sword.” “While AI can drive efficiency and performance across the business, it can also open up new attack vectors for cybercriminals to exploit,” she said. The rapid integration of AI tools across corporate infrastructures necessitates significant investments in cybersecurity and employee training to mitigate potential new vulnerabilities.
The rising trend of ransomware payments underscores the escalating need for cyber resilience among businesses in all sectors. Experts argue that companies must extend beyond conventional IT security measures to adopt comprehensive strategies that involve employee education, stringent data protection practices, and well-defined incident response plans. This includes maintaining secure data backups, restricting access to sensitive information, and routinely testing systems against potential cyber threats.
As ransomware attacks grow in sophistication, increasingly fueled by artificial intelligence, businesses find themselves under mounting pressure to fortify their defenses before they become the next target.
See also
Anthropic’s Claims of AI-Driven Cyberattacks Raise Industry Skepticism
Anthropic Reports AI-Driven Cyberattack Linked to Chinese Espionage
Quantum Computing Threatens Current Cryptography, Experts Seek Solutions
Anthropic’s Claude AI exploited in significant cyber-espionage operation
AI Poisoning Attacks Surge 40%: Businesses Face Growing Cybersecurity Risks
