SecurityBrief Australia - Technology news for CISOs & cybersecurity decision-makers

Ninety per cent of local firms pay ransomware demands, report finds

Today

Despite years of warnings from authorities, more than 90 per cent of Australian organisations targeted by ransomware in the past year chose to pay the attacker's ransom demands, according to new research released today.

The findings come from Rubrik Zero Labs' annual report, The State of Data Security in 2025: A Distributed Crisis, which paints a sobering picture of local cybersecurity preparedness and resilience. Based on interviews with more than 1,600 IT and security leaders across 10 countries—including Australia—the report highlights serious vulnerabilities in how organisations defend against and recover from attacks.

One of the most concerning statistics in the Australian data is that 91 per cent of security leaders surveyed admitted their organisation paid a ransom to recover data or stop an attack during the past year.

"Paying an attacker supports the cybercrime business model, encourages further attacks and continues the cycle," said David Rajkovic, Vice President, Rubrik A/NZ.

The report also reveals that the rise in ransom payments is being driven by a shift in attacker strategy. Increasingly, ransomware groups are targeting not just live systems but also backup infrastructure—systems that organisations typically rely on to recover their data without negotiating with criminals.

Rubrik found that 78 per cent of Australian IT and security leaders who experienced a ransomware incident reported that attackers were able to at least partially damage their backup and recovery options. Alarmingly, more than a third (35 per cent) said the attackers were completely successful in doing so.

In a conventional ransomware scenario, organisations would typically be able to reboot their operations using clean backup data saved prior to the attack. However, when those backups are also compromised, the chances of a full and independent recovery drop dramatically.

"Unfortunately, we're seeing Australian organisations lulled into a false sense of security from the attack prevention focused security measures they've implemented and being completely unprepared once those defences have been thwarted," Rajkovic said.

The report also points to a broader trend making organisations more vulnerable: the growing complexity of their IT environments. Nearly all (98 per cent) of Australian respondents said they now rely on between two and five cloud or software-as-a-service (SaaS) platforms for data storage, applications and services. This increased dependence on multiple platforms is significantly expanding the potential attack surface.

Adding to the difficulty, 66 per cent of respondents indicated plans to further increase their use of cloud and SaaS platforms in the coming year. With this growth, concerns around data security, privacy and compliance are also rising. The top challenges cited by Australian organisations included securing sensitive data across multiple environments (38 per cent), compliance and privacy concerns (34 per cent), and a lack of centralised management (34 per cent).

"Attackers are no longer breaking in, they're logging in," said Rajkovic. "They are increasingly stealing credentials to compromise their victims' cloud and SaaS platforms. This demands a shift in defence strategies and the adoption of an 'assumed breach mindset.'"

He stressed that while preventative measures remain critical, organisations need a robust recovery strategy that includes cyber resilience and the ability to rapidly resume operations after an attack.

"Prevention strategies are critical, but they need to be complemented with a robust recovery strategy for when those measures fail—one that ensures cyber resilience and gets the business back up and running as quickly as possible," Rajkovic said.

Rubrik's findings underscore the challenges facing Australian organisations as they attempt to secure sensitive data across an increasingly complex digital landscape. The research draws on both interviews and telemetry data from Rubrik's customer environments, which include 5.8 billion files across cloud and SaaS platforms and over 175 million classified as sensitive.

The report suggests that without significant improvements to data protection and recovery strategies, Australian businesses may remain trapped in a cycle of ransomware vulnerability—left with little choice but to pay attackers to regain control of their operations.
