Our annual Global Ransomware Survey takes the pulse on one of the most persistent threats to businesses. Now in its fourth year, the 2025 survey captured insights from nearly 1,800 security and business leaders. It explores the attacks they face, the protections they’ve put in place, and how they’re responding to new pressures, including the growing use of AI and the risks hidden in complex supply chains.
The findings show progress, but challenges persist. Organizations feel more confident than ever in their ransomware readiness, but recovery remains inconsistent. AI is changing both attack offense and defense, and more executives are speaking up about ransomware’s growing impact across the business.
AI: Internal Use Without Guardrails and Attacks Without Limits
AI is now embedded in daily business operations. Eighty-eight percent of organizations allow employees to use GenAI tools, yet fewer than half have a formal use policy in place. While enterprises lead here, with nearly 10% more reporting policies compared to SMBs, clear governance gaps exist across the board.
Attackers are also capitalizing on using GenAI tools. More than half of respondents observed an uptick in phishing and ransomware attempts due to AI, and 44% reported experiencing deepfake-style impersonation attempts in the past year.
The outcome? AI is accelerating productivity for employees and adversaries alike. Organizations that don’t put guardrails around its use risk falling behind attackers who move faster with fewer constraints.
Attacks from Everywhere: Third-Party and Supply Chain Risks
While AI dominates threat increases, supply chain and third-party risks continue to quietly expand attack surfaces. Two in five respondents experienced a ransomware attack in the past year, and nearly half were hit more than once. A quarter of victims traced the attack back to a software vendor.
The good news is that awareness is growing. Seventy-eight percent of organizations now assess software supplier cybersecurity, and 82% have patch management in place. This marks progress and highlights how building resilience increasingly depends on more than just internal defenses. Every partner, supplier, and digital connection is part of the security perimeter, and organizations are only ever as strong as the weakest link in their ecosystems.
As Business Risks Mount, Ransomware Becomes a Boardroom Priority
The widening gap between confidence and outcomes is making ransomware a key executive discussion topic. Seventy-one percent of respondents say their executive teams now rank ransomware as a top-three business risk, and 64% report being asked by customers or partners about readiness in the past year.
That external and internal pressure is shaping budgets and strategy. Cloud security, backup technologies, and user training top the list of security investment priorities for 2026, with 77% of organizations already conducting regular security awareness training. These steps reflect a growing recognition that real resilience requires layers: technology, governance, and people working together.
Moving from Confidence to Resilience
Our 2025 Global Ransomware Survey finds that confidence isn’t the same as resilience. To stay secure, organizations need security strategies that keep pace with the latest threats, from AI risks to supply chain complexity and recurring attacks.
At OpenText, we help organizations gain true resilience. Our integrated security platform brings together prevention, detection, response, and recovery, supported by real-time threat insights and governance tools that keep data and AI use secure. Built for simplicity and integration, our solutions help businesses stay protected amid constant change.
Looking Ahead
Ransomware will continue to evolve but so can defenses. The organizations that turn confidence into true resilience will be those that unite prevention, preparedness, and recovery into one connected and holistic security approach.
To view the full 2025 Global Ransomware Survey findings and learn more about OpenText Cybersecurity, visit our website here.
