In a world where cybersecurity tools and awareness campaigns are more prevalent than ever, it seems that organizations are still falling victim to ransomware attacks at an alarming rate. A recent study conducted by Rubrik Zero Labs has revealed that a staggering 86% of organizations worldwide have admitted to paying ransom demands in the wake of a cyberattack within the past year. This statistic sheds light on a harsh reality: the emphasis on recovery, rather than prevention, is where the majority of defenses continue to falter.
The findings of Rubrik’s 2025 report, titled “The State of Data Security: A Distributed Crisis,” are based on a survey of over 1,600 IT and security leaders across ten countries, including the US, the UK, France, Germany, India, and Singapore. Despite an increasing adoption of hybrid and multi-cloud infrastructure among businesses seeking to enhance their agility, the report suggests that many organizations are ill-equipped to recover from ransomware attacks without succumbing to extortion.
One of the key revelations from the report is that a significant portion of organizations (74%) admitted that their backup and recovery systems had been partially compromised, with 35% reporting a complete compromise. This indicates a troubling trend wherein ransomware attackers are specifically targeting the very systems that organizations rely on to restore their data and operations.
The targeting of backup and recovery systems has become a defining feature of modern ransomware campaigns, as cybercriminals seek to disable organizations’ ability to recover their data without paying the demanded ransom. This strategic shift underscores the importance of not only securing primary IT infrastructure but also ensuring the resilience and integrity of backup systems.
The pervasiveness of ransomware attacks and the high rate of organizations resorting to paying ransoms highlight the pressing need for a more proactive and comprehensive approach to cybersecurity. With cyber threats constantly evolving and growing in sophistication, businesses must prioritize both prevention and recovery strategies to mitigate the impact of attacks and safeguard their data assets.
As organizations continue to navigate the complex and ever-changing cybersecurity landscape, investing in robust backup and recovery solutions, implementing effective incident response plans, and enhancing employee awareness and training are crucial steps towards bolstering their resilience against ransomware and other cyber threats. By taking a proactive stance and staying vigilant in the face of ongoing cybersecurity challenges, organizations can better defend against malicious actors and protect their critical data and systems from potential harm.