A new report from UK-based cybersecurity firm Sophos reveals that 53% of Indian organizations affected by ransomware in 2024 paid cybercriminals to regain access to their encrypted data. While ransom payments dropped significantly—median payouts fell by 79% to Rs. 4 crore (USD 481,636)—the broader financial impact of these attacks remains severe. Companies continue to bear substantial recovery costs, averaging over Rs. 8.4 crore (USD 1.01 million) excluding ransom payments. The study, based on insights from 378 Indian IT and cybersecurity firms, underscores persistent technical and operational vulnerabilities, highlighting the urgent need for a more resilient national cybersecurity posture.
Ransomware Still Haunts India Inc.
Despite heightened awareness and strengthened security frameworks, ransomware remains a formidable threat to Indian enterprises. According to the State of Ransomware in India 2025 report by Sophos, more than half (53%) of surveyed organizations that experienced ransomware attacks last year ended up paying the ransom to reclaim access to their data.
This figure, while alarming, mirrors global patterns where critical business operations and sensitive data often hang in the balance, compelling companies to make swift—and costly—decisions under duress. The findings are derived from a survey conducted between January and March 2025, targeting 378 Indian IT and cybersecurity professionals whose organizations faced ransomware incidents.
Median Ransom Payments Drop, But Recovery Costs Surge
The good news is that ransom payments are decreasing. The median ransom demanded by attackers dropped by 52%, from USD 2 million (approx. Rs. 16.6 crore) to USD 961,289 (around Rs. 8 crore). Even more notably, actual ransom payouts declined by 79% to USD 481,636 (roughly Rs. 4 crore).
However, this decline does not translate to reduced overall costs. The average post-attack recovery expenditure in India stood at USD 1.01 million (approximately Rs. 8.4 crore), excluding ransom payments. These expenses typically include costs related to downtime, system restoration, incident response, and legal or compliance-related consequences.
These figures suggest that even when companies negotiate smaller ransoms or avoid paying them altogether, the downstream financial impact of an attack can be even more damaging than the ransom itself.
Vulnerabilities and Entry Points: The Technical Breakdown
The report identifies the leading vectors exploited by threat actors in 2024:
- Exploited Vulnerabilities: 29% of ransomware incidents stemmed from attackers capitalizing on unpatched software or system flaws.
- Compromised Credentials: 22% of attacks were enabled by stolen or weak user credentials.
- Malicious Emails: Phishing emails or infected attachments accounted for 21% of breaches.
These entry points underscore ongoing challenges in cybersecurity hygiene, particularly around patch management, identity protection, and email filtering. Sophos’ findings reaffirm that basic cyber hygiene continues to be a weak link in corporate security chains.
Internal Gaps: The Human and Organizational Factors
Beyond the technical failures, organizational shortcomings are also contributing to the persistence of ransomware threats. Around 40% of respondents cited a lack of skilled cybersecurity professionals, inadequate endpoint protection tools, and outdated or insufficient cybersecurity strategies as major contributors to their organization’s vulnerability.
This operational deficit reflects a broader industry challenge in India: the shortage of qualified cybersecurity talent. Despite a growing digital economy, the gap between demand for skilled professionals and available workforce continues to widen, leaving many businesses exposed.
Implications for Indian Enterprises and Policymakers
The Sophos report paints a sobering picture. While organizations may be making progress in reducing ransom payments, they are far from achieving comprehensive cyber resilience. The growing costs of recovery, even in the absence of ransom payouts, call for a more holistic and forward-looking approach to cybersecurity.
For policymakers, the findings reinforce the importance of incentivizing cyber-readiness, supporting workforce development, and promoting widespread adoption of modern cybersecurity frameworks across industries. For corporate leaders, investing in proactive defense strategies—such as vulnerability management, employee training, zero-trust architecture, and continuous monitoring—should no longer be optional.
Conclusion: Fighting a Battle on Two Fronts
The battle against ransomware is not just a matter of technology—it’s a test of preparation, leadership, and organizational culture. As Indian companies digitize operations at an unprecedented pace, their cyber defenses must evolve accordingly. The findings from Sophos make it clear: while paying ransom may offer temporary relief, the real solution lies in fortifying systems, building internal capacity, and fostering a culture of continuous cyber vigilance.
Comments