Highlights
- The proportion of businesses paying ransoms rose sharply to 24.3 per cent in 2025 from 14.4 per cent in 2024.
- Average ransom payment in 2025 was $296,000 with payments ranging from $10,000 to more than $1 m.
- High-profile victims in 2025 included Jaguar Land Rover, Marks & Spencer and Co-op.
Industrial and manufacturing businesses paid more ransoms than any other sector last year, which the study attributed to the "operational disruption caused by ransomware attacks."
High-profile corporate victims in 2025 included Jaguar Land Rover, whose factories around the world were shut for the entire month of September after an attack on its IT systems, as well as Marks & Spencer and Co-op.
None of the three has confirmed paying a ransom. Ransom payments last year ranged from $10,000 to more than $1 m, with the average payment standing at $296,000.
AI driving attacks
Jamie Smith, head of cybersecurity at S-RM, told The Times that attackers were using AI "to find the most sensitive information that could cause maximum damage," adding: "Threats are becoming specific and more personalised, designed to maximise the victim's fear and willingness to pay."
Jenny Davey, co-head of crisis management at FGS, described AI as a "double-edged sword" for businesses.
Davey warned: "While AI can drive efficiency and performance across the business, it can also open up new attack vectors for cybercriminals to exploit."
The study sheds light on a practice most businesses avoid discussing publicly, as firms fear that confirming ransom payments makes them more likely to be targeted again.
The report did not identify which companies paid ransoms but highlighted the growing trend of criminals tailoring attacks to cause maximum financial and reputational damage to their victims.
