Cyberstats

Security Intelligence

VendorsSophos

Sophos

Cybersecurity reports and statistics published by Sophos

8 categories2 reports

Research Reports

Reports and publications from Sophos

State of Ransomware in Retail

11/4/2025

The State of Ransomware 2025

6/24/2025

Recent Statistics & Reports

46% of retail ransomware incidents were traced to an unknown security gap in 2025

11/9/2025
RansomwareSecurity gapRetail

The average cost of recovering from a ransomware attack in retail, excluding any ransom payment, dropped by 40% to $1.65 million in 2025, the lowest point in three years

11/9/2025
RansomwareRansom Retail

62% of retailers who experienced attacks restored their data using backups in 2025, the lowest rate in four years

11/9/2025
RansomwareEncrypted dataBackup

47% of retail IT/cybersecurity teams reported increased pressure after experiencing data encryption in 2025

11/9/2025
RansomwareData encryptionRetail

The median ransom demand for retail ransomware attacks doubled to $2 million in 2025 compared to 2024

11/9/2025
RansomwareRansom Retail

The proportion of retailers hit by extortion-only attacks tripled from 2% in 2023 to 6% in 2025

11/9/2025
RansomwareExtortion-only attackRetail

58% of retail organizations with encrypted data paid the ransom in 2025, marking the second highest payment rate in five years

11/9/2025
RansomwareEncrypted dataRansom

26% of cases in retail saw leadership teams replaced as a result of data encryption in 2025

11/9/2025
RansomwareLeadershipRetail

Overall, 63% of organisations cited resourcing issues as a contributing factor to falling victim to a ransomwre attack.

6/24/2025
Ransomware

Over half (53%) of organisations fully recovered from a ransomware attack in a week, up from 35% last year.

6/24/2025
RansomwareRecovery

Only 18% took more than a month to recover from a ransomware attack, down from 34% in 2024

6/24/2025
RansomwareRecovery

Nearly 50% of companies paid a ransom to recover their data, which is the second highest rate of ransom payment for demands in six years.

6/24/2025
RansomwareRansom

Healthcare reported the lowest median ransom payment at $150,000.

6/24/2025
RansomwareRansomHealthcare

44% of companies were able to stop the ransomware attack before data was encrypted, marking a six-year high.

6/24/2025
RansomwareData encryption

Data encryption was at a six-year low, with only half of companies having their data encrypted in a ransomware attack.

6/24/2025
RansomwareData encryption

The median ransom payment was $1 million.

6/24/2025
RansomwareRansom

Companies with over $1 billion in revenue faced a median ransom demand of $5 million.

6/24/2025
RansomwareRansom

Lack of people/capacity was most frequently cited factor for falling for a ransomware attack by those with 251-500 employees.

6/24/2025
RansomwareTalentStaff

The average cost of recovery from a ransomware attack dropped from $2.73 million in 2024 to $1.53 million in 2025.

6/24/2025
RansomwareCost

The median ransom demand decreased by a third between 2024 and 2025.

6/24/2025
RansomwareRansom

Showing first 20 results

Top Categories

Ransomware
29
Ransom
11
Retail
8
Data encryption
3
Ransom
2
Encrypted data
2
Recovery
2
Vulnerabilities
2

Related Vendors

Rubrik Zero Labs
10 stats
Forescout
9 stats
CROWDSTRIKE
79 stats
Fortinet
40 stats
Deskpro
7 stats
LevelBlue
10 stats