The overwhelming majority of organizations has been targeted by a ransomware attack in the last 12 months, according to a new study from Active Directory security firm Semperis. 78% of the IT professionals they surveyed for their 2025 Ransomware Risk Report revealed that they had been hit with an attempt in the last year, with 69% of the attempts resulting in a ransom payment being paid.
The hardest hit industry globally was manufacturing, with 81% of IT professionals surveyed admitting their company had fallen victim to a ransomware attack. The same proportion of IT and Telecoms companies were on the receiving end of an attack, while 79% of finance companies were also targeted successfully by cybercriminals using ransomware, the report says.
Cybersecurity is among the biggest concerns for businesses in 2025. Our own research indicates that many businesses are woefully underprepared for the threat landscape, with 98% of senior leaders unable to correctly identify all the signs of a phishing attack. So, while these figures are certainly concerning, they’re far from susprising.
78% of Organizations Hit With Ransomware Attacks
For their 2025 Ransomware Risk Report, Semperis spoke to 1,500 IT and security professionals across multiple industries in the US, UK, Europe, and the Asia Pacific region. They were trying to shine a light on the nature of ransomware attacks in 2025.
78% of surveyed businesses were subject to an attempted ransomware attack in the last 12 months. Shockingly, 69% of successful attempts resulted in the company acquiescing to the attackers’ demands.
This just in! View
the top business tech deals for 2025 👨💻
As discussed in the introduction, manufacturing and telecoms were the hardest hit industries (81%), followed by financial institutions (79%). Interestingly, however, attacker success rates were higher in the finance world (64%) than anywhere else. For comparison, while 67% of government organisations experienced at least one ransomware attack in the last 12 months, only 33% were successful.
In the energy (77%) and transportation sector (71%), the vast majority of companies were also reporting that they had had to deal with a ransomware attack in the last twelve months, reflecting that no stage of the supply chain – from manufacturing to last-mile delivery – is safe from cyberattacks.
Manufacturing Industry Hit the Hardest
The study reveals that the joint-most targeted sector is manufacturing, with a staggering 81% of firms hit with ransomware attempts in the last 12 months. 50% of these attacks were successful, with 63% of breached companies meeting the attackers’ demands. In 61% of cases, companies paid out between $500,000 and $1 million. Coming at second place is the healthcare industry, which continues to be plagued by data leaks and breaches as we move into the tail end of 2025.
Concerningly, 83% of breached manufacturing firms confirm that their identity infrastructure was compromised, while 39% were hit on more than one occasion. This indicates that paying a ransom won’t necessarily ward off further attacks.
The business disruption such attacks can cause is significant. It took between one day and one week for most afflicted manufacturing firms (63%) to resume normal operations, with a further 16% experiencing downtime for between one week and one month. They’re financially costly too, of course, with 61% of manufacturing organisations hit with a ransomware attack paying between $500,000 and $1,000,000 to the perpetrators.
With the vast majority of logistics firms (85%) currently operating at near-full capacity according to our latest industry report, these setbacks could have devastating effects on global supply chains.
Semperis Report Lays Bare Extent of Problem
Cybersecurity is one of the most pressing issues facing the business sector today, with Semperis’s report illustrating that this problem is felt across all industries. Recently, 1.4 million people were hit in a massive data breach at Allianz Life, the latest in a long line of data breaches that have plagued the business world for decades now.
Companies everywhere are still ill-prepared for the scale of the problem, which is only going to get worse with the emergence of highly accessible, incredibly powerful AI tools.
The business world needs to do more. It’s not just a question of increasing cybersecurity budgets — although this is undoubtedly a step in the right direction. More action needs to be taken to procure talent, upskill existing employees, and ultimately introduce a culture of collective responsibility where deterring threats is concerned. Without it, this problem will only get worse.
