A rising number of businesses are paying ransoms after cyberattacks, as hackers increasingly use artificial intelligence to make attacks more targeted and damaging, according to new research.
Data from cybersecurity consultancy S-RM and advisory firm FGS Global shows that 24.3 percent of organisations hit by ransomware in 2025 paid the demanded sums, up sharply from 14.4 percent in 2024. This marks the first significant increase in ransom payments after two years of decline, though figures remain below the 27.6 percent peak recorded in 2022. Analysts say the jump highlights how cybercriminals are improving their ability to pressure victims into paying.
AI is playing a central role in this shift. Criminals are now using AI tools to analyse stolen or publicly available data to pinpoint the most sensitive information within a company. By targeting data that could cause the greatest operational, financial, or reputational damage if exposed, attackers are able to increase the urgency for victims to comply.
Jamie Smith, head of cybersecurity at S-RM, said, “Attackers are using AI to find the most sensitive information that could cause maximum damage. Threats are becoming far more specific and personalised, designed to maximise the victim’s fear and willingness to pay.”
Ransom demands in 2025 ranged from $10,000 to over $1 million, with the average payment reaching $296,000. Experts caution that the total cost of an attack is often far higher, factoring in operational disruption, legal and regulatory costs, reputational damage, and expenses related to rebuilding IT infrastructure.
Industries such as manufacturing and industrial production were particularly vulnerable, given their reliance on continuous operations. Ransomware can halt factories, logistics systems, and supply chains, sometimes leaving companies to view payment as the quickest way to resume operations. A notable example in 2025 involved Jaguar Land Rover, whose factories worldwide were forced to close for a month following a ransomware incident. Major UK retailers, including Marks & Spencer and Co-op, were also targeted, though it remains unclear if ransoms were paid.
The true scale of ransomware payments is difficult to measure, as many companies choose not to disclose whether they comply with demands. Security specialists warn that publicly admitting to paying could make organisations more attractive targets in the future. Negotiations are often handled privately with cybersecurity consultants, insurers, and crisis management advisors.
Jenny Davey, co-head of crisis management at FGS Global, described AI as a “double-edged sword.” While it improves efficiency and performance, it also creates new vulnerabilities for cybercriminals to exploit. Experts advise that companies adopt comprehensive cybersecurity measures, including employee training, secure data management, incident response plans, and regular system testing, to reduce the risk of ransomware attacks.
As ransomware grows more sophisticated and AI-powered, businesses across all sectors face mounting pressure to strengthen defences and protect sensitive information before becoming the next target.