Australian and New Zealand organisations are facing some of the most severe waves of ransomware attacks globally, with a growing number being repeatedly targeted and threats increasingly directed at executives, according to the 2025 Ransomware Risk Report from Semperis.
Based on a survey of nearly 1,500 organisations worldwide, the report found that one in three ransomware attacks in the region were repeat incidents within a year, far exceeding the global average. Many of these attacks are strategically timed, with 52 per cent launched during weekends, public holidays, or after business disruptions such as layoffs or mergers, when IT teams are not fully operational.
The study revealed that 80 per cent of organisations in the region suffered ransomware incidents following internal disruptions, compared to 60 per cent globally. Attackers are also increasing psychological pressure, with 43 per cent of Australian victims reporting threats of physical harm to executives if ransom demands were not met. In addition, 47 per cent of breached companies across all surveyed countries said hackers threatened to file regulatory complaints unless incidents were reported as directed.
While 99 per cent of surveyed organisations in Australia and New Zealand have a Security Operations Centre, 89 per cent said these centres are not fully staffed outside regular hours. Financially, the report showed that 57 per cent of Australian victims paid ransoms multiple times in the past year, with 12 per cent paying three or more times. Globally, 38 per cent of affected companies reported multiple payments.
Government and industry leaders emphasise that transparency and strong reporting requirements are essential to disrupt ransomware groups. Technical experts also stress the importance of quickly restoring critical systems such as Active Directory after breaches, as attackers often target identity infrastructure. Alarmingly, in 20 per cent of cases where ransoms were paid, the provided decryption keys were unusable, and in some cases, data was still leaked.
Experts urge organisations to enhance resilience by securing supply chains, conducting regular incident response exercises, and staying ahead of evolving attack methods. As one cybersecurity leader noted, “Paying ransoms should never be the default option… Every dollar handed to ransomware gangs fuels their criminal economy, incentivising them to strike again.”
Also read: Viksit Workforce for a Viksit Bharat
Do Follow: The Mainstream formerly known as CIO News LinkedIn Account | The Mainstream formerly known as CIO News Facebook | The Mainstream formerly known as CIO News Youtube | The Mainstream formerly known as CIO News Twitter |The Mainstream formerly known as CIO News Whatsapp Channel | The Mainstream formerly known as CIO News Instagram
About us:
The Mainstream formerly known as CIO News is a premier platform dedicated to delivering latest news, updates, and insights from the tech industry. With its strong foundation of intellectual property and thought leadership, the platform is well-positioned to stay ahead of the curve and lead conversations about how technology shapes our world. From its early days as CIO News to its rebranding as The Mainstream on November 28, 2024, it has been expanding its global reach, targeting key markets in the Middle East & Africa, ASEAN, the USA, and the UK. The Mainstream is a vision to put technology at the center of every conversation, inspiring professionals and organizations to embrace the future of tech.
