
McGrathNicol’s 2025 Ransomware Report, based on a new survey, highlights a significant paradox in Australia’s battle against ransomware: while the frequency of ransomware attacks has increased, the willingness of Australian organizations to pay the ransom has notably decreased.
The report, which draws insights from over 800 decision-makers in companies with 50 or more employees, shows that 69% of businesses have experienced ransomware incidents in the past five years. However, only 64% of these organizations chose to pay the ransom, citing several reasons for their reluctance.
Why Businesses Are Hesitant to Pay
According to the findings, many companies are now reluctant to meet the demands of cybercriminals, for a variety of reasons. Firstly, paying the ransom is often viewed as a reward for criminal activity—one that potentially encourages further illegal behavior. Secondly, there is no guarantee that paying the ransom will actually result in receiving the decryption key needed to regain access to encrypted files. This uncertainty, coupled with the fear of future attacks, has led many businesses to reject ransom demands altogether.
Moreover, the McGrathNicol survey reveals a significant shift in the financial dynamics of ransomware attacks. The average amount paid by victimized organizations has almost halved compared to previous years, falling from a staggering $1.35 million in 2024 to $711,000 in 2025. This decline in ransom payments suggests that Australian businesses are becoming increasingly savvy in their approach to cybercrime, often opting for other strategies to mitigate the impact of an attack.
Decline in Ransom Payments and Emerging Trends
Despite the overall decline in ransom payments, the survey found that businesses were still inclined to pay, but for significantly lower sums. The average ransom businesses are willing to pay has dropped to $906,000, down from $1.42 million at the start of 2024. This shift could be attributed to a range of factors, including improved cybersecurity preparedness, increased regulatory scrutiny, and the growing awareness of the long-term risks associated with paying criminals.
Another important factor influencing this change is the availability of cyber insurance that covers ransomware attacks. As more insurance providers now offer coverage for these incidents, organizations are less inclined to meet the ransom demands out-of-pocket. Instead, they may choose to leverage their insurance policies to mitigate financial losses.
SMEs: The Primary Target for Ransomware
One of the most concerning findings of the report is the sharp rise in ransomware attacks targeting small and medium-sized enterprises (SMEs). The survey revealed that 89% of ransomware attacks in the past year were aimed at businesses with fewer than 250 employees—despite the fact that many of these organizations had dedicated cybersecurity teams. This highlights a growing trend in which cybercriminals are shifting their focus from large corporations to SMEs, which may have more limited resources to defend against sophisticated cyber threats.
Darren Hopkins, the Head of Cyber at McGrathNicol, confirmed that one in five victimized organizations experienced multiple ransomware incidents, whether or not they paid the ransom. This indicates that ransomware attacks are increasingly becoming a persistent threat for many businesses, even those that may have complied with ransom demands in the past.
Improved Reporting and Increased Accountability
An interesting development that the report points to is a noticeable increase in the willingness of companies to report ransomware incidents. Since the introduction of the Cybersecurity Act in May 2024, which mandates more stringent reporting guidelines, there has been a marked rise in the number of businesses willing to disclose cyberattacks. The report indicates that nearly 70% to 80% of companies now report ransomware incidents as soon as they are detected, a stark contrast to previous years when many organizations were hesitant to come forward.
This shift toward greater transparency can likely be attributed to the stricter regulatory landscape, as well as the growing recognition of the importance of sharing information to combat cybercrime on a larger scale. By reporting incidents more proactively, businesses are not only helping to protect themselves but also contributing to the broader effort to curb the rise of ransomware attacks.
Rising Investment in Cybersecurity Measures
Perhaps one of the most encouraging signs to emerge from the McGrathNicol survey is the increase in cybersecurity investments among Australian businesses. The research reveals that organizations are becoming more proactive about improving their cybersecurity posture, with many investing in advanced threat detection systems and incident response protocols. These investments are seen as essential in ensuring that businesses can respond effectively to attacks and minimize potential damage.
In fact, Australian companies have made considerable strides in their cybersecurity efforts since the onset of the COVID-19 pandemic. The shift to remote work and the surge in digital transactions highlighted vulnerabilities in existing security infrastructures, prompting many organizations to prioritize cybersecurity like never before. These ongoing investments in prevention tools have helped businesses better prepare for the inevitable rise in cyber threats, reducing the likelihood of falling victim to successful ransomware attacks.
Conclusion: The Evolving Landscape of Ransomware in Australia
The findings of the 2025 Ransomware Report paint a complex picture of the current ransomware landscape in Australia. While the frequency of attacks continues to rise, organizations are becoming less willing to pay the ransom, driven by a combination of improved preparedness, regulatory changes, and insurance coverage. Small and medium-sized businesses, in particular, are facing a growing risk of being targeted by cybercriminals, despite having cybersecurity teams in place.
The introduction of stronger laws and an increasing culture of reporting will likely play a crucial role in addressing these threats. However, the key takeaway from this report is clear: cybersecurity remains a critical concern for all businesses, and ongoing investment in prevention measures will be vital to staying one step ahead of the rapidly evolving ransomware threat.















