As cyber threats continue to evolve, new Veeam research highlights alarming recovery rates and emphasizes the urgent need for robust data resilience strategies
SAN DIEGO, Calif. – Veeam® Software, the #1 global leader by market share in Data Resilience, today announced the findings of their latest research, From Risk to Resilience: Veeam 2025 Ransomware Trends and Proactive Strategies Report, revealing alarming insights into the evolving threat landscape of ransomware attacks. With cyber threats becoming more sophisticated and frequent, the report underlines the need for organizations to prioritize their defenses, mitigate risks, and recover effectively. To help address these persistent cyber threats, the report shares several actionable steps organizations can take to bolster defense, mitigate risk and recover more quickly, as well as the best practices of companies able to successfully recover. Veeam surveyed 1,300 organizations to gauge how Chief Information Security Officers (CISOs), security professionals, and IT leaders are recovering from cyber-threats.
Ransomware attacks are becoming more refined and pervasive, posing significant challenges to organizations globally. The Veeam report reveals that while the percentage of companies impacted by ransomware attacks has slightly declined from 75% to 69%, the threat remains substantial. This decrease is attributed to improved preparation and resilience practices, as well as increased collaboration between IT and security teams. However, as ransomware attacks from both established groups and “lone wolf” actors proliferate, organizations must adopt proactive cyber resilience strategies to mitigate risks and recover more swiftly and effectively from incidents.
“Organizations are improving their defenses against cyber-attacks, yet 7 out of 10 still experienced an attack in the past year. And of those attacked, only 10% recovered more than 90% of their data, while 57% recovered less than 50%. Our latest findings clearly indicate that the threat of ransomware will continue to challenge organizations throughout 2025 and beyond,” said Anand Eswaran, CEO of Veeam. “As the nature and timing of attacks evolve, it is essential for every organization to transition from reactive security measures to proactive data resilience strategies. By adopting a proactive security approach, investing in strong recovery solutions, and fostering collaboration across departments, organizations can significantly reduce the impact of ransomware attacks.”
Key Findings and Trends to Watch in 2025:
- Law Enforcement is Forcing Threat Actors to Adapt: In 2024, coordinated efforts by law enforcement agencies led to significant disruptions in major ransomware groups, such as LockBit and BlackCat. However, the rise of smaller groups and independent attackers has increased, necessitating ongoing vigilance.
- Data Exfiltration Attacks Grow: The report notes a troubling trend toward exfiltration-only attacks – when cybercriminals break into an organization’s network but do not encrypt or lock the data. Instead, they focus on stealing sensitive information—like personal data, financial records, or intellectual property—and transferring it outside the organization. Organizations with weak cybersecurity measures are particularly vulnerable, as threat actors rapidly exploit vulnerabilities, often within hours.
- Ransomware Payments Are Decreasing: The total value of ransomware payments fell in 2024, with 36% of affected organizations opting not to pay a ransom. Of those that did pay, 82% paid less than the initial ransom and 60% paid less than half that sum, emphasizing the importance of robust recovery strategies.
- Legal Consequences of Ransom Payments are Emerging: New regulations and legal frameworks are discouraging ransom payments, with initiatives like the International Counter Ransomware Initiative urging organizations to strengthen their defenses rather than capitulate to attackers.
- Collaboration Reinforces Resilience Against Ransomware: Enhanced communication between IT operations and security teams, along with partnerships with law enforcement and industry players, has proven vital in fortifying defenses against ransomware.
- Budgets Rise for Security and Recovery, but More Is Needed: While organizations are allocating more resources to security and recovery efforts, there remains a significant gap in investment relative to the growing threat landscape.
Organizations that prioritize data resilience can recover from attacks up to seven times faster and experience significantly lower data loss rates. These successful organizations share several common attributes, including robust backup and recovery strategies, proactive security measures, and effective incident response plans. The report emphasizes the importance of shifting from reactive security to proactive cyber resilience strategies to meet the challenges of ransomware. Findings from the report also encouraged organizations to adopt the 3-2-1-1-0 data resilience rule, ensuring that backups are immutable and free from malware before restoration.
Pre-attack confidence among ransomware victims often doesn’t reflect reality, as 69% believed they were prepared before being attacked, while their confidence plummeted by over 20% afterward, revealing significant gaps in planning. While 98% of respondents had a ransomware playbook, less than half of organizations had key technical elements included, such as backup verifications and frequencies (44%) and a pre-defined “chain of command” (30%). Notably, CIOs experienced a 30% decline in their preparedness rating post-attack, compared to a 15% drop for CISOs, suggesting that CISOs have a clearer grasp of their organization’s security posture. These findings underscore the importance of fostering organizational alignment in cyber resilience and preparation, emphasizing the need for regular training and exercises across all teams to ensure a coordinated response during and after an attack.
The full Veeam 2025 Ransomware Trends and Proactive Strategies Report is available now for download at https://go.veeam.com/ransomware-trends. For more information on Veeam, visit https://www.veeam.com.
About the Report
The Veeam 2025 Ransomware Trends and Proactive Strategies Report surveyed 1,300 organizations, 900 of which had experienced at least one ransomware attack resulting in encryption or exfiltration in the past 12 months. The respondents comprised Chief Information Security Officers (CISOs) or executives with similar responsibilities, as well as security professionals and IT leaders from across the Americas, Europe, and Australia.
About Veeam Software
Veeam®, the #1 global market leader in data resilience, believes every business should be able to bounce forward after a disruption with the confidence and control of all their data whenever and wherever they need it. Veeam calls this radical resilience, and we’re obsessed with creating innovative ways to help our customers achieve it.
Veeam solutions are purpose-built for powering data resilience by providing data backup, data recovery, data portability, data security, and data intelligence. With Veeam, IT and security leaders rest easy knowing that their apps and data are protected and always available across their cloud, virtual, physical, SaaS, and Kubernetes environments.
Headquartered in Seattle with offices in more than 30 countries, Veeam protects over 550,000 customers worldwide, including 67% of the Global 2000, that trust Veeam to keep their businesses running. Radical resilience starts with Veeam. Learn more at www.veeam.com or follow Veeam on LinkedIn @veeam-software and X @veeam.
For Veeam media inquiries, contact Veeam.PR.Global@veeam.com.
