The proportion of businesses paying ransom demands after cyberattacks has risen sharply as hackers deploy increasingly sophisticated tactics, including artificial intelligence-driven targeting that intensifies pressure on victims to surrender sensitive data or restore operations. A recent cybersecurity analysis found that roughly 24.3 percent of companies struck by ransomware in 2025 ultimately paid attackers—up significantly from 14.4 percent the previous year—suggesting criminals are becoming more effective at exploiting operational disruptions and data exposure threats to extract payment. Industrial and manufacturing firms have been particularly vulnerable because even brief system shutdowns can cripple production lines and supply chains, making ransom payments appear to executives as the least damaging option. Individual ransom payments can range from roughly $10,000 to more than $1 million, with an average around $296,000, while attackers increasingly use AI to identify the most sensitive corporate information and craft psychological pressure campaigns aimed at executives and employees. The rising payment trend underscores a troubling reality in the digital economy: despite years of warnings from cybersecurity experts and law enforcement, many companies still find themselves forced to negotiate with cybercriminals when business operations grind to a halt and reputational damage looms.
Sources
https://www.thetimes.com/business/technology/article/more-companies-paying-ransoms-cyberattack-krkkv6llh
https://bmmagazine.co.uk/in-business/companies-paying-ransomware-demands-rise-ai-cyberattacks-2025/
https://www.techtarget.com/searchsecurity/feature/Ransomware-trends-statistics-and-facts
Key Takeaways
- The share of companies paying ransomware demands rose sharply in 2025, reaching about 24 percent after declining in prior years.
- Cybercriminal groups are increasingly using artificial intelligence and targeted extortion tactics to pressure organizations into paying.
- Manufacturing, industrial, and operationally sensitive sectors are among the most likely to pay ransoms because downtime can cause severe financial damage.
In-Depth
Ransomware has evolved from a nuisance affecting individual computers into a full-scale criminal enterprise targeting major corporations, infrastructure operators, and government agencies. The modern ransomware attack is rarely a simple matter of locking a company’s files. Instead, criminal groups now conduct highly organized campaigns that involve infiltrating networks, exfiltrating sensitive data, and threatening public exposure unless a ransom is paid. For businesses that depend on uninterrupted operations, the pressure can be immense.
Recent research indicates that the share of companies paying ransoms climbed to about 24.3 percent in 2025, reversing a downward trend seen in previous years. This shift is widely attributed to the growing sophistication of cybercriminals, many of whom are now leveraging artificial intelligence tools to analyze stolen data and identify the most damaging information they can threaten to release. By pinpointing trade secrets, customer records, or confidential communications, attackers can tailor their demands to maximize the victim’s fear of reputational and financial damage.
Industrial and manufacturing firms appear particularly vulnerable. When ransomware shuts down production lines or disrupts logistics systems, every hour of downtime can translate into millions of dollars in lost output. In that environment, corporate leaders often face a stark calculation: either endure prolonged operational paralysis while attempting recovery, or pay the ransom in hopes of restoring systems quickly.
The sums involved vary widely. Payments can range from relatively small demands of around $10,000 to multimillion-dollar extortion attempts. On average, ransom payments have hovered in the hundreds of thousands of dollars, although some industries report higher typical figures. Even when companies decide to pay, there is no guarantee the criminals will fully restore access to systems or delete stolen data.
Despite repeated warnings from cybersecurity experts and law enforcement agencies that paying ransoms only fuels further attacks, the reality of modern cyber warfare leaves many organizations with few immediate alternatives. As businesses become more digitized and interconnected, the stakes continue to rise, making ransomware not merely a technological problem but a major economic and national-security challenge.

