
A new report from German cybersecurity firm Hornetsecurity, which is being acquired by Proofpoint, contains some disturbing news. Their annual Ransomware Impact Report found that a quarter (24%) of businesses reported being victims of a ransomware attack in 2025, which is problematic because it reflects a sharp increase from 18.6% in 2024. The results also mark the end of a multi-year decline in attacks. The report found additional nuggets like AI-driven phishing having significant responsibility in this trend, with 77% of CISOs seeing AI-powered phishing as a real and emerging threat. In addition, the report found that only 46% of organizations have ransomware insurance, down from 54.6% in 2024. In addition, 66% of companies have recently suffered a loss of sensitive data. This figure, which is significantly higher than last year, highlights the need to strengthen resilience.
“Following a multi-year decline in ransomware attacks, 2025 marks a critical turning point for organizations to strengthen their security against faster, smarter, and AI-automated ransomware attacks,” said Daniel Hofmann, Hornetsecurity’s CEO. “It is concerning to see a reduction in businesses investing in ransomware insurance while attacks are on the rise. It’s worth noting, however, that it has become more difficult than ever for businesses to procure insurance for these situations. While hackers continue to use a wider variety of tactics, it’s clear that organizations must increase their security provisions if they are to succeed against these nefarious actors. For example, next-gen email security solutions are effective in keeping threats from reaching inboxes, while security awareness solutions help end-users spot more advanced threats like social engineering. Pair those with immutable backup storage and you have an effective strategy for guarding critical data against ransomware. These tools are effective whether the business is insured for ransomware or not.”
Hornetsecurity says that this reversal of a downward trend highlights a renewed wave of criminal innovation. So what specifically accounts for this unwelcome increase? The rise comes as cybercriminals continue to diversify their methods and leverage new technologies to bypass defenses. While traditional phishing remains the leading attack vector, involved in nearly half of attacks (46%), the report found that compromised endpoints (26%) and stolen credentials (25%) are increasingly common initial access vectors. The growing adoption of GenAI and collaborative tools also exposes organizations to new risks: 60% of CISOs perceive generative AI as a security threat, and 68% are now investing in AI-powered detection and protection capabilities. 61% believe AI has significantly increased the overall risk of ransomware attacks, because attackers are now using generative AI to create highly customized phishing emails, deepfake audio and video for social engineering, and automated, multi-vector intrusion strategies.

A key issue is that “check-box training” against AI-driven phishing is ineffective. While the research showed positive action from businesses on certain cybersecurity provisions, cybersecurity training is still shown to be lacking. While three quarters (74%) of organizations reported offering end-user training against ransomware attacks, over two fifths of security leaders (42%) admitted that their training was insufficient or ineffective.
“AI has enabled threat actors to create smarter and more convincing phishing attacks, meaning that cybersecurity awareness training has to evolve,” stated Alain Constantineau, VP Sales Canada at Hornetsecurity. “Training conducted simply to check a box won’t cut it. What companies need is ongoing, personalized training at a frequency that adapts to each user on the team, to help keep security top of mind, every single day. Hornetsecurity’s AI-powered Security Awareness Service automates the process to take the load off the IT team while keeping end users up-to-date with targeted, simulated phishing emails and micro training sessions.”
The study showed that over three quarters of CISOs (77%) identified the increasing use of AI-generated phishing as a growing threat. Despite these new and emerging challenges, preparation and improvements in recovery capabilities appear to be paying off: the proportion of victims paying ransoms fell to 13%, compared to 16.3% in 2024. Improved preparedness has become standard, as 82% of organizations surveyed now have a Disaster Recovery Plan and 62% use immutable backups. The report also discusses the growing issue among SMBs of “false compliance.” This occurs when organizations reach a superficial level of cybersecurity awareness, often through check-box training, but lack adequate follow-up. This contributes to ongoing human error, particularly when sophisticated phishing and social engineering tactics are employed.
In addition, while attacks are increasing, the number of organizations investing in ransomware insurance is down year on year, with less than half of all businesses (46%) making sure they are insured against these attacks, compared to 54.6% last year.
Proofpoint says that human error remains the dominant source of incidents. 66% of CISOs identify the human factor as the primary attack vector, particularly in terms of data leaks and internal compromise. Although training is improving, it often remains superficial, with 42% considering it inadequate. These findings corroborate Hornetsecurity’s conclusions on the limitations of “compliance tick-box” programs.
In addition, 58% of CISOs feel inadequately prepared for cyber threats, despite widely deployed DR plans. This year, respondents also offered insight into their evolving cybersecurity strategies. Investments in endpoint detection tools, regular backups, and user awareness training continue to be key pillars of ransomware defense. Hornetsecurity says that organizations should focus on building resilience by strengthening endpoint protection, adopting multi-layered security architectures, and investing in user awareness training to better prepare for evolving ransomware threats, thus minimizing risk.
“The cost of a data breach through attacks like ransomware is not just theoretical,” Constantineau concluded. “It’s revenue lost, supply chains disrupted, and staff impacted, not to mention reputational damage. Framing these risks in business terms makes it clear to boards and decision-makers that cybersecurity investment is not optional, but essential. When you position cybersecurity as a business enabler rather than a cost, you give it a seat at the table. Cybersecurity isn’t just about protection; it’s a critical driver of operational continuity and long-term stability.”
