Ransomware victims are refusing to play ball with hackers – just 17% of enterprises have paid up so far in 2025, marking an all-time low

Enterprises are taking a tougher stance on ransomware hackers and refusing to pay up

Ross Kelly's avatar
By
published
in News
Ransomware concept image showing digitized padlock pictured on a laptop screen on red background
(Image credit: Getty Images)

Ransomware groups are having an increasingly hard time forcing victims to pay, according to new research.

According to figures from Databarracks’ 2025 Data Health Check report, just 17% of UK businesses are paying ransoms when breached, marking a steep decline on previous years.

In 2024, 27% of ransomware victims opted to pay to recover data, while in the year prior this stood at 47%, Databarracks found.

This decline comes as victims opt to recover from backups instead of paying ransoms, according to the study, with 57% recovering data through this method.

All told, the study found organizations are now three-times more likely to recover from backups than paying - and it’s a result of a more aggressive approach implemented in response to surging threats.

Nearly three-quarters (72%) of businesses now have air-gapped backups in place, for example, while 59% have immutable backups.

James Watts, Managing Director at Databarracks, said the figures highlight both the success and importance of backup strategies for businesses.

“Recovery isn’t a last resort – it’s a strategy,” he said.

“The organizations that plan and rehearse their recoveries are the ones that come through an attack strongest. That’s how you beat ransomware – not by paying, but by preparing to recover.”

A tougher stance on ransomware

The tougher stance from enterprises on ransom payments comes amid a period of legislative change in the UK, with the government confirming its new ransomware payments ban for public sector bodies and critical infrastructure operators.

Indeed, 24% of enterprises now have a policy that they’ll never pay a ransom, double the figure from 2023.

“The government’s new stance is bold – but the data shows the direction of travel was already clear. In some sense, the policy is a formalization of where UK businesses were already headed,” said Watts.

“Paying the ransom used to feel like the only option. Now, the best-prepared organizations are recovering faster, more reliably, and without funding criminals.”

Research also shows victims are getting better at haggling with ransomware gangs following a breach. Analysis from Sophos last month found more than half (53%) paid hackers less than the original demand after bartering for a lower payout.

That same study also showed companies were prioritizing backup and recovery processes, which has paid dividends.

Nearly half (44%) of companies were able to stop a ransomware attack before data was encrypted, which Sophos said marked a six-year high.

Make sure to follow ITPro on Google News to keep tabs on all our latest news, analysis, and reviews.

MORE FROM ITPRO

Ross Kelly
Ross Kelly
News and Analysis Editor

Ross Kelly is ITPro's News & Analysis Editor, responsible for leading the brand's news output and in-depth reporting on the latest stories from across the business technology landscape. Ross was previously a Staff Writer, during which time he developed a keen interest in cyber security, business leadership, and emerging technologies.

He graduated from Edinburgh Napier University in 2016 with a BA (Hons) in Journalism, and joined ITPro in 2022 after four years working in technology conference research.

For news pitches, you can contact Ross at ross.kelly@futurenet.com, or on Twitter and LinkedIn.

Latest