
Enterprises reluctant to comply with ransomware demands - only 17% have made payments in 2025, reaching a record-low level

Ransomware victims are increasingly resisting extortion demands, according to new findings by Databarracks.

Ransomware targets remain unyielding to cyber criminals - only 17% of businesses have succumbed to ransom demands in 2025, setting a record-low compliance rate.

In the digital landscape of the UK, a significant shift is underway in the approach towards ransomware attacks. The UK government is moving towards a proactive regulatory framework, aiming to deter ransom payments and impose legal consequences. This change comes in response to the high prevalence of ransomware payments, particularly in the public sector, and the growing sophistication of ransomware groups.

The public sector has been a soft target: 83% of UK public sector organisations hit by ransomware chose to pay the ransom, the highest rate worldwide [1]. This vulnerability, coupled with operational pressures, has led the UK government to legislate a ban on ransom payments by public sector organisations and critical national infrastructure [4]. The ban received 72-82% approval in public consultation [4].

Ransomware groups have become increasingly professional, employing tactics such as threats of physical harm to executives and regulatory complaints if not paid [1]. They are evolving away from simple encryption to data exfiltration, double extortion, and public data leaks to apply pressure [2].

Despite the strong support for banning ransom payments in principle, many private businesses admit they would still pay if it meant saving their organisation. A survey revealed that 75% of business leaders would break the ban to pay the ransom if it meant preventing severe operational damage [3]. This indicates a conflict between principle and practical crisis response.

The rise in ransomware attacks, particularly in industries such as healthcare, education, and retail, intensifies the pressure on organisations to act fast, often pushing them towards payment in order to resume operations [5]. However, the practical effectiveness of this approach in the private sector remains uncertain.

James Watts, Managing Director at Databarracks, described the government's new stance as a formalisation of where UK businesses were already headed [6]. According to Watts, preparing for recovery is the key to beating ransomware.

Companies are prioritising backup and recovery processes, and the figures highlight the success and importance of these strategies. More than half (53%) of companies paid hackers less than the original demand after negotiating a lower payout [7]. 59% of businesses have immutable backups, and 57% of businesses are recovering data through backup methods [7]. Nearly three-quarters (72%) of businesses have air-gapped backups in place [7].

The decline in ransom payments is due to victims recovering from backups instead. In 2024, only 27% of ransomware victims opted to pay to recover data, a significant drop from 47% the year before [8]. 24% of enterprises now have a policy that they will never pay a ransom, double the figure from 2023 [9]. Organisations are now three times more likely to recover from backups than to pay a ransom [9].

The UK government has confirmed a new ransomware payments ban for public sector bodies and critical infrastructure operators [10]. Companies are getting better at haggling with ransomware gangs following a breach [11]. Nearly half (44%) of companies were able to stop a ransomware attack before data was encrypted, which Sophos said marked a six-year high [11]. Just 17% of UK businesses are paying ransoms when breached, a steep decline from previous years [12].

In conclusion, the UK is moving from a largely reactive stance, in which many organisations (especially in the public sector) pay the ransom, to a proactive regulatory framework designed to deter payments and impose legal consequences. The shift is driven by growing cyber threat sophistication, a desire to cut the financial incentives for criminals, and recognition of ransomware as a systemic economic risk [1][2][3][4][5].

[1] https://www.cyberintelligence.org/news/uk-public-sector-ransomware-victims-pay-out-most-in-the-world/
[2] https://www.cyberintelligence.org/news/ransomware-groups-evolving-tactics-to-apply-pressure/
[3] https://www.cyberintelligence.org/news/business-leaders-would-still-pay-ransom-despite-ban/
[4] https://www.cyberintelligence.org/news/uk-government-legislation-banning-ransom-payments/
[5] https://www.cyberintelligence.org/news/significant-increase-in-ransomware-attacks-on-uk-industries/
[6] https://www.databarracks.com/news/uk-government-announces-new-ransomware-payments-ban/
[7] https://www.sophos.com/en-us/threat-report/2025.aspx
[8] https://www.cyberintelligence.org/news/decline-in-ransom-payments-due-to-victims-recovering-from-backups/
[9] https://www.cyberintelligence.org/news/companies-recovering-from-backups-instead-of-paying-ransoms/
[10] https://www.gov.uk/government/news/uk-government-bans-ransom-payments-for-public-sector-bodies-and-critical-infrastructure-operators
[11] https://www.cyberintelligence.org/news/companies-getting-better-at-haggling-with-ransomware-gangs/
[12] https://www.cyberintelligence.org/news/fewer-uk-businesses-paying-ransoms-when-breached/
