Australia & New Zealand lag in rapid ransomware recovery rates

The latest State of Ransomware Survey from CrowdStrike reveals high levels of confidence among IT and cybersecurity leaders in Australia and New Zealand, but highlights a mismatch between this confidence and the actual ability to recover from ransomware attacks.

The survey found that 55% of organisations across Australia and New Zealand considered themselves "very prepared" before experiencing their most recent ransomware incident. This ranks the region as having the second highest level of perceived ransomware readiness globally, surpassed only by Singapore and ahead of India, the United States, United Kingdom, Germany, and France.

Despite this feeling of preparedness, Australia and New Zealand had one of the slowest recovery rates following an attack, and the region was identified as the third most targeted for ransomware worldwide. Over the past year, 78% of organisations in these two countries faced a ransomware attack, which is third after Germany and the US.

Only 9% of organisations in Australia and New Zealand were able to recover from a ransomware attack within 24 hours, despite 86% of respondents expressing confidence in their organisation's ability to achieve such rapid recovery. Individual sectors showed similar discrepancies: 60% of respondents in the public sector felt "very well prepared", but just 12% recovered within a day; in the manufacturing sector, 58% felt well prepared, yet the same proportion managed swift recovery. For healthcare, 52% considered themselves very prepared, but only 23% achieved recovery in less than 24 hours, while in financial services the figures were 52% versus 38%.

Comparatively, the UK led other countries in rapid recovery, with 35% of organisations able to remediate within 24 hours. Germany, France, the US, and India also outperformed Australia and New Zealand by this metric.

Attack characteristics

The study highlighted the nature of ransomware attacks in the region. In Australia and New Zealand, 46% of attacks were intended to gain access to additional systems or networks, while 40% directly encrypted or locked access to data or systems.

Globally, the survey polled 1,100 senior IT and cybersecurity decision-makers, including 100 respondents from Australia and New Zealand. The findings pointed to a trend where organisations overestimate their ability to respond and recover from ransomware threats.

AI-driven threats

The report outlined the growing challenges posed by artificial intelligence in ransomware operations. Worldwide, 87% of respondents observed that AI-powered social engineering tactics are more convincing and harder to detect than traditional attack methods. Among Australian and New Zealand respondents, 49% strongly agreed with this assessment.

According to the survey, 76% of global IT leaders now believe "it's increasingly difficult to be fully prepared" as criminals exploit AI tools to outpace defenders. One unnamed Australian C-level executive commented, "We underestimated how quickly hackers could move. Our security investments failed to keep pace with growing threats."

"From malware development to social engineering, adversaries are weaponizing AI to accelerate every stage of attacks, collapsing the defender's window of response," said Elia Zaitsev, Chief Technology Officer at CrowdStrike. "The 2025 State of Ransomware Survey reinforces that legacy defenses can't match the speed or sophistication of AI-driven attacks. Time is the currency of modern cyber defense - and in today's AI-driven threat landscape, every second counts."

AI-automated attack chains were cited by 48% of respondents as the most pressing ransomware threat, with 85% reporting that legacy detection looked increasingly obsolete. Nearly half of surveyed organisations feared they could not detect or respond as quickly as AI-enhanced attacks unfold.

Financial impact and persistent risks

The global average cost of downtime per ransomware incident reached USD $1.7 million. In Australia, the average downtime costs for the public sector stood at USD $2.5 million, followed by healthcare at USD $1.5 million and financial services at USD $1.3 million. One executive from an Australian financial services provider said, "Budget cuts created gaps in our defenses. We saved money on security tools, but the ransom cost far more."

The report found that paying the ransom did not guarantee positive outcomes. Globally, 93% of organisations that paid a ransom suspect that data was exfiltrated regardless, and 83% went on to be targeted by attackers in subsequent incidents.

Leadership and preparation gaps

A disconnect remains between leadership perceptions and operational preparedness, with 76% reporting a mismatch between confidence at leadership level and actual response capabilities. This highlights the survey's call for increased board-level engagement and investment in modern defensive measures to address changing tactics from attackers.

CrowdStrike's research also underlined the criticality of adopting AI-powered protection, with 89% of respondents considering such solutions essential in closing the gap between attacker and defender capabilities.