Date: 2025-08-15

Ransomware groups are having an increasingly hard time forcing victims to pay, according to new research.

According to figures from Databarracks’ 2025 Data Health Check report, just 17% of UK businesses are paying ransoms when breached, marking a steep decline on previous years.

In 2024, 27% of ransomware victims opted to pay to recover data, while in the year prior this stood at 47%, Databarracks found.

This decline comes as victims opt to recover from backups instead of paying ransoms, according to the study, with 57% recovering data through this method.

All told, the study found organizations are now three times more likely to recover from backups than to pay - and it’s a result of a more aggressive approach implemented in response to surging threats.

Nearly three-quarters (72%) of businesses now have air-gapped backups in place, for example, while 59% have immutable backups.

James Watts, Managing Director at Databarracks, said the figures highlight both the success and importance of backup strategies for businesses.

“Recovery isn’t a last resort – it’s a strategy,” he said.

“The organizations that plan and rehearse their recoveries are the ones that come through an attack strongest. That’s how you beat ransomware – not by paying, but by preparing to recover.”

A tougher stance on ransomware

The tougher stance from enterprises on ransom payments comes amid a period of legislative change in the UK, with the government confirming its new ransomware payments ban for public sector bodies and critical infrastructure operators.

Indeed, 24% of enterprises now have a policy that they’ll never pay a ransom, double the figure from 2023.

“The government’s new stance is bold – but the data shows the direction of travel was already clear. In some sense, the policy is a formalization of where UK businesses were already headed,” said Watts.

“Paying the ransom used to feel like the only option. Now, the best-prepared organizations are recovering faster, more reliably, and without funding criminals.”

Research also shows victims are getting better at haggling with ransomware gangs following a breach. Analysis from Sophos last month found more than half (53%) paid hackers less than the original demand after bartering for a lower payout.

That same study also showed companies were prioritizing backup and recovery processes, which has paid dividends.

Nearly half (44%) of companies were able to stop a ransomware attack before data was encrypted, which Sophos said marked a six-year high.

