While Verizon’s latest Data Breach Investigations Report (DBIR) had its share of distressing conclusions—including an increase in vulnerability exploits and third-party compromises—there’s at least one encouraging takeaway: ransom payments are down.
Chris Novak, VP of global cybersecurity solutions at Verizon, says paydays for malicious hackers have decreased in both amount and frequency because companies are better prepared, thanks to an increase in practices like ransomware simulations and data backups.
“Organizations are getting to a better maturity place. A lot of organizations felt pressured or compelled to pay ransoms because they didn’t have any other way out. They were really held hostage. Now I think organizations have learned a lot,” Novak told us.
According to Verizon’s DBIR, which studied 12,195 data breaches from November 1, 2023 to October 31, 2024, the median amount paid to ransomware actors slid to $115,000, from $150,000 last year. Sixty-four percent of victims did not pay the ransom—an increase from 50% in 2022.
Ransom-still-every-where, though. The DBIR still saw ransomware present in 44% of all breaches, compared to 32% the previous year.
Insurer At-Bay revealed in a recent report that insured customers had 19% more direct ransomware incidents in 2024 compared to 2023, and the average severity of direct ransomware incidents also increased by 13% to $468,000, according to the firm.
Payback! At-Bay, however, has observed a decrease in ransomware payouts. Adam Tyra, At-Bay’s CISO for customers, sees the insurer’s mandatory controls like offline data backups and multi-factor authentication helping to mitigate ransomware.
Ransomware is “turning into a little bit of the ‘Wild West’ lately,” according to Tyra, with an increasing number of groups lacking dependable track records related to data deletion or providing decryptor tools after a ransom is paid.
“We have to say we don’t really know,” Tyra said. “That has an impact on people's willingness to pay.”
Incident-response firm Coveware has registered a gradual decline in ransomware payments since 2019. In Q4 of 2024, the org found that an all-time low of 25% of victims paid the ransom.
The figure “suggests that more organizations are improving their cybersecurity defenses, implementing better backup and recovery strategies, and refusing to fund cybercriminals,” the report read.
Prep rally. Novak said Verizon’s ransomware simulation services lately are “through the roof.” Companies are increasingly running disaster scenarios with senior leadership, he said: this system is locked, this set of data is down, this manufacturing facility has gone offline.
“When an event occurs, they’re less stressed out, pulling their hair out, and they’re more [thinking], ‘We’ve practiced for this,’” Novak said.
IT management company Kaseya, in a survey released in October 2024, found that 44% of respondents who did not pay a ransom restored everything from full backups.
ECU Health, a 1,447-bed facility in North Carolina, is just one example of an organization conducting annual tabletop exercises to prep staff for disaster-recovery scenarios.
Healthcare paying the price. A Kroll report found that healthcare was the most breached industry in 2024, accounting for 23% of breaches, compared to 18% in 2023. The firm’s Global Head of Breach Notification Denyl Green told IT Brew in February that she is surprised at the prevalence of ransomware payments.
“It feels a bit like we’re enabling the threat actors to continue this behavior with those sorts of payments. We’re giving them what they want. It’s not helping secure my data,” she said at the time.