According to the results of the “Risk to Resilience: VEEAM 2025 report on trends and proactive strategies against ransomware”, the 69% of companies continue to suffer cyber attacks even though they have improved their protection practices and resilience, increasing their protection. This has made the percentage of attacked companies decrease from 75%, but obviously not enough.
This reduction is also to a greater collaboration between IT and cybersecurity teams. But as ransomware attacks increase from any type of source, organizations must adopt proactive resilience practices. In this way they will reduce risks and recover from incidents more quickly and efficiently.
The report, made from a survey between 1,300 organizations, indicates that security forces force the threatening actors to adapt. Thus, in 2024, the coordinated efforts of the security forces caused draft interruptions in the main ransomware groups, such as Lockbit or Blackcat. However, the number of smaller groups and independent attackers has increased.
On the other hand, data filtration attacks are increasing. Specifically, the tendency towards exclusive exfiltration attacks, which occur when cybercriminals enter the network of an organization and only steal sensitive data without encrypting or blocking them, transferring them outside the company. Organizations that have weak security measures are particularly sensitive to these types of attacks.
Ransomware payments are going down. In 2024, 36% of the companies affected by such an attack decided not to pay the rescue. Of which they paid, 82% paid less than what they asked and 60% paid less than half. They are, yes, arising legal consequences of the payment of bailouts, with new regulations and legal frameworks that discourage these payments. Among them the international initiative against ransomware.
The improvement of communication between IT operations and security equopos, together with collaboration with security forces and sector agents has reinforced resilience against these attacks. In addition, budgets for safety and recovery have increased. However, although more resources are being assigned to safety and recovery, there is still a remarkable gap in investment in relation to the threat panorama.
Companies that give priority to data resilience can recover from attacks up to seven times faster, and also lose less data. All have in common the existence of solid backup and recovery strategies, as well as the implementation of proactive security measures and incident response plans. The conclusions of the report also encourage to adopt rule 3-2-1-1-0 of the data resilience, and guarantee that backups are immutable and free of malware before restoring them.
69% of organizations believed to be prepared before suffering an attack, according to Veeam, but their confidence fell more than 20% later, which reveals lagoons in planning. Although 98% of respondents had a rules book against ransomware, less than half of organizations included key technical elements. Such as the verifications and frequencies of the backup (44%) and a predefined command chain (39%).
The Cios also experienced a 30% decrease in their level of preparation after the attack, while the fissions only fell by 15%, which suggests to Veeam that they have a clearer idea of their company’s security position.
Anand Eswaran, CEO de Veeamstressed that «Organizations are improving their defenses against cyber attacks, but 7 out of 10 suffered an attack last year. And of the attacked, only 10% recovered more than 90% of their data, while 57% recovered less than 50%. Our last findings clearly indicate that the threat of ransomware will continue to challenge organizations during this 2025 and in the future. As the nature and rhythm of attacks evolve, it is essential that all organizations go from security measures reactive to proactive strategies of data resilience. By adopting a proactive security approach, investing in solid recovery solutions and promoting collaboration between departments, organizations can significantly reduce the impact of ransomware attacks. ”
