Ransomware attacks carry huge financial impacts – but CISO worries still aren’t stopping firms from paying out
Increased anxiety over ransomware links directly to its devastating impact on business processes and one’s bottom line


Ransomware attacks come with an average recovery cost of $4.5 million, according to a recent survey, which also found a high proportion of businesses have fallen prey to the malware in the past year.
Data from Absolute Security, which surveyed 500 CISOs based in the US through Censuswide, found 72% of respondents’ firms had dealt with ransomware attacks in the 12 months prior to the survey.
Respondents registered extreme concern over the potential cost of ransomware attacks, with nearly three quarters (73%) indicating a successful ransomware attack could critically incapacitate their business.
30% off Keeper Security's Business Starter and Business plans
Keeper Security is trusted and valued by thousands of businesses and millions of employees. Why not join them and protect your most important assets while taking advantage of this special offer?
Businesses can recover from ransomware attacks relatively quickly, with 42% of respondents doing so within 24 hours and 39% taking between one to seven days.
Others struggle, though. Around 5% of respondents took over two weeks to get their systems back to normal.
Given its potentially catastrophic impact, ransomware registers as a major concern for CISOs. In the survey, four-in-five respondents identified it as the biggest cyber worry facing their firm.
“Every organization is a target for a ransomware attack, threats are a case of when, not if, so every organization needs a policy of cyber resilience, planning to recover from threats, not just prevent them,” said Andy Ward, senior VP and GM international at Absolute Security
Sign up today and you will receive a free copy of our Future Focus 2025 report - the leading guidance on AI, cybersecurity and other IT challenges as per 700+ senior executives
“Giving security teams the ability to remotely quarantine, or recover, update, and restore, compromised devices can prevent ransomware attacks from consuming an organization, preventing the spread of the breach and maintaining uptime in the face of threats,” Ward added.
“Resilience technology and protocols can then restore and rehydrate devices, wiping them of malicious malware and returning them to a secure state.”
The ransomware economy continues to evolve
Ransomware attacks continue to surge, with businesses forced to remain vigilant as ransomware groups evolve their precise attack methodology and malware strains to evade defenses.
February 2025 was the worst month on record for ransomware attacks and high profile attacks such as the Ingram Micro cyber attack, which was claimed by the SafePay ransomware group, continue to dominate headlines.
Official bodies such as the UK National Cyber Security Centre (NCSC) and the US Cybersecurity and Infrastructure Security Agency warn against paying out to ransomware operators, as it offers no hard guarantee that data will be returned intact.
In its latest advice on ransomware, the NCSC and UK insurance bodies urged firms to seriously consider their options when dealing with ransomware and to consider the fact that every ransom paid helps fund gangs and encourages future attacks.
Across the world, governments and official advisory bodies are arguing for an end to ransomware payments. The UK government is also weighing up a ban on public organizations meeting ransomware demands.
But in the face of eye watering recovery sums such as those revealed by Absolute Security, some leaders decide to pay out even so.
In June, Sophos published evidence that half of all corporate ransomware victims are now paying up to get their data back but not before haggling the fee down with attackers.
Businesses are increasingly balancing their fears of cyber attacks against reduced budgets and spending flexibility.
In ITPro’s Future Focus 2025 report, over a third of respondents (40%) indicated their firms would spend 20% or less of their total IT budget on cybersecurity, despite increased anxieties over threats such as ransomware.
Make sure to follow ITPro on Google News to keep tabs on all our latest news, analysis, and reviews.
MORE FROM ITPRO

Rory Bathgate is Features and Multimedia Editor at ITPro, overseeing all in-depth content and case studies. He can also be found co-hosting the ITPro Podcast with Jane McCallion, swapping a keyboard for a microphone to discuss the latest learnings with thought leaders from across the tech sector.
In his free time, Rory enjoys photography, video editing, and good science fiction. After graduating from the University of Kent with a BA in English and American Literature, Rory undertook an MA in Eighteenth-Century Studies at King’s College London. He joined ITPro in 2022 as a graduate, following four years in student journalism. You can contact Rory at rory.bathgate@futurenet.com or on LinkedIn.
-
Google Cloud announces new data residency flexibility for UK firms, accelerator for regional startups
News UK-specific controls and support for up and coming AI firms is central to Google Cloud’s UK strategy
-
Workers are covering up cyber attacks for fear of reprisal – here’s why that’s a huge problem
News More than one-third of office workers say they wouldn’t tell their cybersecurity team if they thought they had been the victim of a cyber attack.
-
‘The worst thing an employee could do’: Workers are covering up cyber attacks for fear of reprisal – here’s why that’s a huge problem
News More than one-third of office workers say they wouldn’t tell their cybersecurity team if they thought they had been the victim of a cyber attack.
-
Developers face a torrent of malware threats as malicious open source packages surge 188%
News Researchers have identified more than 16,000 malicious open source packages across popular ecosystems
-
A prolific ransomware group says it’s shutting down and giving out free decryption keys to victims – but cyber experts warn it's not exactly a 'gesture of goodwill'
News The Hunters International ransomware group is rebranding and switching tactics
-
Using WinRAR? Update now to avoid falling victim to this file path flaw
News WinRAR users have been urged to update after a patch was issued for a serious vulnerability.
-
A major ransomware hosting provider just got hit US with sanctions
News Aeza Group's services were being used for ransomware, infostealers, and disinformation
-
Hackers are using PDFs to impersonate big brands like Microsoft and PayPal in a new threat campaign
News Hackers are increasingly using PDF attachments to impersonate major brands in phishing campaigns, according to new research from Cisco Talos.
-
UK firms are 'sleepwalking' into smart building cyber threats
News The convergence of operational technology and IT systems is posing serious risks for property firms.
-
5 Steps to Prioritize Based on Risk with Snyk