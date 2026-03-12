Highlights

The proportion of businesses paying ransoms rose sharply to 24.3 per cent in 2025 from 14.4 per cent in 2024.

Average ransom payment in 2025 was $296,000 with payments ranging from $10,000 to more than $1 m.

High-profile victims in 2025 included Jaguar Land Rover, Marks & Spencer and Co-op.

The proportion of businesses paying ransoms to hackers has risen sharply to 24.3 per cent in 2025, up from 14.4 per cent in 2024 and 16.4 per cent in 2023, after two years of declining payments, according to a study by cybersecurity firm S-RM and advisory group FGS Global.

The sharp rise has been driven by criminals using artificial intelligence to mount increasingly sophisticated and personalised cyberattacks.

The rate remains below the 27.6 per cent recorded in 2022 but the rapid increase in just one year has alarmed cybersecurity experts.

Industrial and manufacturing businesses paid more ransoms than any other sector last year, which the study attributed to the "operational disruption caused by ransomware attacks."

High-profile corporate victims in 2025 included Jaguar Land Rover, whose factories around the world were shut for the entire month of September after an attack on its IT systems, as well as Marks & Spencer and Co-op.

None of the three has confirmed paying a ransom. Ransom payments last year ranged from $10,000 to more than $1 m, with the average payment standing at $296,000.

AI driving attacks

Jamie Smith, head of cybersecurity at S-RM, told The Times that attackers were using AI "to find the most sensitive information that could cause maximum damage," adding: "Threats are becoming specific and more personalised, designed to maximise the victim's fear and willingness to pay."

Jenny Davey, co-head of crisis management at FGS, described AI as a "double-edged sword" for businesses.

Davey warned: "While AI can drive efficiency and performance across the business, it can also open up new attack vectors for cybercriminals to exploit."

The study sheds light on a practice most businesses avoid discussing publicly, as firms fear that confirming ransom payments makes them more likely to be targeted again.

The report did not identify which companies paid ransoms but highlighted the growing trend of criminals tailoring attacks to cause maximum financial and reputational damage to their victims.