Ransomware: to pay or not to pay?

To pay or not to pay, that is the question. Organisations under pressure from a ransomware attack are often desperate to avoid downtime at all costs. Paying the ransom can appear to be a ‘quick fix’: an easy way to get your data back and resume operations.

However, critics argue strongly against paying. They say it only fuels criminal activity by rewarding cybercriminals and encouraging future attacks. And there’s no guarantee you’ll actually regain access to your data after payment.

In fact, paying the ransom may end up costing you more. On top of the ransom, you still face expenses like lost business, disrupted operations, and the costs of recovery. These are unavoidable. Add a ransom payment on top, and you're effectively paying twice.

But there’s more…

03 Jul

The hidden costs

Beyond the immediate financial hit, there are also indirect costs that may be even more damaging. “These can far exceed the direct losses,” says Dennie Spreeuwenberg, CEO of Awaretrain and expert in security awareness. “Think about the reputational damage caused when sensitive personal data is exposed. The financial impact of such a breach can vary, but for many companies it can be devastating.”

Ransomware is not just an internal threat

Many organisations assume that ransomware is only a direct risk within their own organisation: your system will get hit and you pay the price. But that’s not the full picture.

When your IT providers, cloud vendors or software suppliers are attacked, the consequences often extend directly to their customers. Suddenly, your organisation could be offline without you being the one that’s hacked.

As businesses increasingly rely on a handful of key vendors for essential processes, supply chain risk becomes a real threat. That’s why it’s important to make sure to include clear agreements in your contracts and account for supply chain vulnerabilities in your own risk assessments. It’s not just your network you need to worry about anymore, it’s everyone else's too.

What does the research say?

A global ransomware study by Sophos, involving organisations across 17 countries, reveals an interesting trend: the average ransom demand is falling. In 2024, cybercriminals demanded around $2 million. By 2025, that figure had dropped to $1.3 million. Correspondingly, the amount paid by victims is also decreasing.

Another insight from the study highlights a root cause: many organisations admit they lack the necessary skills and knowledge to detect and stop ransomware attacks effectively.

Do you get your data back after paying?

According to Sophos, in 2025 only 49% of organisations who paid the ransom got their data back, down from 56% in 2024. Back-ups remain the most reliable recovery method, used successfully by 54% of organisations.

Conclusion

At first glance, paying the ransom might seem like a quick solution to regain access to your files. But that’s an illusion. Recovering your data takes just as much time and effort whether you pay or not.

In fact, 54% of affected organisations were able to restore their data from backups, without spending a penny on ransom. And when you do pay, the overall cost of the incident nearly doubles.

How to protect your organisation from ransomware

Absolute cybersecurity doesn’t exist, but you can significantly reduce your risk by taking these three steps:

1. Train your staff

Ransomware often starts with phishing. Train your team to recognise suspicious emails and avoid risky behaviour. Security awareness remains one of the most powerful defence strategies.

2. Back up your data consistently

Regular, automated backups should be part of your standard operations. They’re vital for preventing data loss and essential for speeding up recovery after an attack.

3. Patch and update systems promptly

Hackers exploit known vulnerabilities in outdated software. Stay ahead of them by keeping your systems patched and up to date, closing off potential entry points.
