State Of Ransomware Report 2024

Screenshot 2025-06-12 at 14.45.49

The fifth Sophos annual study of the real-world ransomware experiences of organizations around the globe explores the full victim journey, from root cause through to severity of attack, financial impact, and recovery time. Fresh new insights combined with learnings from our previous studies reveal the realities facing businesses today as well as how the impact of ransomware has evolved over the last five years.

This year’s report also incorporates brand new areas of study, including exploration of ransom demands vs. ransom payments, together with a heightened focus on the impact an organization’s revenue has on their ransomware outcomes. Plus, for the first time, it shines a light on the role of law enforcement in ransomware remediation.

A note on reporting dates

To enable easy comparison of data across our annual surveys, we name the report for the year in which the survey was conducted: in this case, 2024. We are mindful that respondents are sharing their experiences over the previous year, so many of the attacks referenced occurred in 2023.

About the survey

The report is based on the findings of an independent, vendor-agnostic survey commissioned by Sophos of 5,000 IT/cybersecurity leaders across 14 countries in the Americas, EMEA, and Asia Pacific. All respondents represent organizations with between 100 and 5,000 employees. The survey was conducted by research specialist Vanson Bourne between January and February 2024, and participants were asked to respond based on their experiences over the previous year. Within the education sector, respondents were split into lower education (catering to students up to 18 years) and higher education (for students over 18 years).

Download State of Ransomware Report 2024

What’s in this article

    You may be interested in

    The 2025 State of Ransomware: Key Insights on Attacks, Costs, and Recovery

    Ransomware continues to evolve — and so must our defenses. The State of Ransomware 2025 report from Sophos presents one of the most comprehensive views yet into how organisations around the world are being impacted by ransomware attacks. Based on an independent survey of 3,400 IT and cybersecurity leaders across 17 countries, the report explores how attacks are evolving, the operational weaknesses adversaries exploit, and the human and financial tolls that follow. Whether you’re building a cybersecurity strategy or assessing risk, this year’s findings offer crucial, real-world insights to guide your response. Key Findings from…

    Read the article

    Outgrowing your MSP; businesses need a provider that scales with their growth

    To stay competitive, business leaders must align with MSPs that deliver strategic value, drive innovation, and support to scale. Now firmly into 2025, it’s becoming clear what the year has in store for the IT landscape. For SMBs, the message is clear: business growth must be matched with smarter, more scalable managed services. The demand for cyber-resilient, cloud-first and AI-integrated solutions is no longer a forecast – it’s a reality already shaping business priorities. According to leading global technology market analyst firm Canalys’ MSP Trends 2025 report, the MSP model is transforming under growing pressure…

    Read the article

    End of windows 10 support signal urgent action needed from UK organisations as cyberattacks continue to rise

    Recent breaches at major UK retailers, combined with the approaching end of life of Windows 10, highlights a critical moment for IT resilience planning The recent wave of cyberattacks targeting major UK retailers has highlighted the growing security risks associated with organisations running outdated systems and applications and maintaining weak identity verification protocols. These incidents—particularly those involving Marks & Spencer and the Co-Op—have starkly exposed how vulnerable legacy infrastructure and insufficient access controls can be.  In both cases, attackers successfully posed as legitimate employees and manipulated IT help desks into resetting internal passwords, ultimately gaining…

    Read the article

    UK SMEs must fortify their cybersecurity against geopolitical risks, says Espria

    A recent Sky News investigation highlighted an uptick in cyberattacks tied to the Iran conflict that are targeting businesses across multiple sectors. Speaking at the NATO Summit, Prime Minister Sir Keir Starmer urged UK businesses, regardless of size or sector, to prioritise cybersecurity and ‘take immediate steps to review and strengthen their defences.’ While the warning is timely in tone, businesses are already becoming targets of politically motivated cyberattacks, emphasising the need for heightened vigilance. “As tensions spread globally, threat actors will continue to exploit digital vulnerabilities, and neutral businesses may be caught in the…

    Read the article

    Windows 10

    End of windows 10 support signal urgent action needed from UK organisations as cyberattacks continue to rise

    End of windows 10 support signal urgent action needed from UK organisations as cyberattacks continue to rise

    Read the article

    Why Businesses Should Invest in ESG: Lessons learned by Espria

    In today’s competitive landscape, Environmental, Social and Governance (ESG) performance is no longer just a “nice to have”—it is a critical business imperative. Companies that prioritise ESG are better positioned for long-term success, risk mitigation, and reputation enhancement. Today’s world demands more from companies than just financial performance. Customers want transparency. Employees want purpose. Investors want resilience. ESG helps businesses manage risk, seize new opportunities and build trust with the people who matter most. It is how you can stay competitive, stay responsible and stay relevant in a fast-changing world. A powerful case study of…

    Read the article