Nearly half of data breaches now involve ransomware

US telecom operator Verizon released the latest edition of its Data Breach Investigations Report on April 23, 2025. The report is based on an analysis of 22,000 security incidents worldwide in 2024, including 12,195 confirmed data breaches. Breaches involving ransomware now account for 44% of the total, compared to roughly one-third in 2023.

Researchers also noted that ransom payment rates declined, falling from 50% in 2022 to 36% in 2024. The median amount paid to cybercriminals also dropped, reaching $115,000 (€101,000), down from $150,000 (€132,000) the previous year. In 2023, the top 5% of ransom payments exceeded $9 million (€7.9 million); in 2024, they “only” exceed $3.3 million (€2.9 million).

This decline is primarily due to greater resilience among large organizations against ransomware attacks, which has led cybercriminals to increasingly target small and medium-sized businesses. “In large enterprises, ransomware accounts for 39% of breaches, while small and medium-sized businesses experienced ransomware-related breaches in 88% of cases,” the report states.

Verizon also highlighted a 34% increase in attackers exploiting vulnerabilities to gain initial access and cause security breaches. Finally, the report notes a doubling in the number of breaches involving a third party, now making up 30% of the total.