28 01732 759725 chance of being compromised by ransomware actors is just a part of doing business in 2025. Of course, ransomware can still be ‘cured’ by tackling the root causes of attacks: exploited vulnerabilities, lack of visibility into the attack surface and too few resources. We’re seeing more companies recognise they need help and moving to Managed Detection and Response (MDR) services for defence. MDR coupled with proactive security strategies, such as multifactor authentication and patching, can go a long way in preventing ransomware from the start.” Ransomware payments According to Sophos’s research nearly half of ransomware victims ended up paying the ransom to get their data back (for UK respondents, the figure is 54%). This is the second highest rate of ransom payment in the last six years. The median ransom demand fell by one third last year (from $2 million to $1.32 million). However, this varied according to company size. For companies with over $1 billion in revenue, the median ransom demand was $5 million, while for organisations with $250 million revenue or less it was under $350,000. Over half of victims (53%) negotiated a lower payment than the initial demand, helping the average ransom payment to halve from $2 million to $1 million. Excluding ransom payments, the average cost of recovery from a ransomware attack fell by 44%, from $2.73 million to $1.53 million. Organisations also recovered from attacks faster, with 59% of victims recovering fully within a week, compared to 38% last year. In addition, 44% of companies were able to stop a ransomware attack before data was encrypted – a six-year high. Sophos.com/Managed-Risk vulnerabilities pose the highest risk and need immediate patching and remediation. Unlike vendors that separate External Attack Surface Management (EASM) and IASM into distinct products, Sophos provides an integrated managed service powered by leading technology and backed by one of the world’s leading MDR services. IASM for Sophos Managed Risk is available for new and existing Sophos Managed Risk customers, with no changes to licences or pricing. Customers can immediately benefit from the extended coverage by deploying Tenable Nessus scanners and scheduling automated scans in their Sophos Central console. The case for MDR The sixth annual Sophos State of Ransomware 2025 report, based on a survey of 3,400 IT and cybersecurity leaders in organisations hit by ransomware in 2024, highlights the high price businesses are paying for internal and external vulnerabilities, which for the third year in a row were the number one technical root cause of ransomware attacks (used in 32% of incidents), and the challenges businesses face in securing their attack surface. Four out of 10 organisations fell victim to a vulnerability they were unaware of and 63% cited resourcing issues as a factor in their falling victim to an attack. A lack of expertise was pointed to as the top operational cause of attacks in organisations with more than 3,000 people, while a lack of people/capacity was most frequently cited in companies with 251-500 employees, underlining the value of partnering with a managed detection and response (MDR) provider. Chester Wisniewski, Director, Field CISO at Sophos, said: “For many organisations, the Sophos, a global provider of security solutions for defeating cyberattacks, has enhanced the capabilities of Sophos Managed Risk, an extended service with Sophos MDR, with the addition of Internal Attack Surface Management (IASM) powered by Tenable Nessus scanners. This follows publication of the Sophos State of Ransomware 2025 report, which found that 40% of organisations impacted by ransomware in the last year were compromised via a security gap they were unaware of. Rob Harrison, Senior Vice President, Product Management at Sophos, says the expansion of Sophos Managed Risk’s capabilities to include IASM as well as EASM will help customers identify and address internal weaknesses that could be exploited by threat actors, such as open ports, exposed services and misconfigurations. He said: “With Sophos Managed Risk, organisations gain an attacker’s eye-view to identify and prioritise remediation of risks before adversaries can exploit them. The solution offers a unified view of both internal and external exposures, prioritised by risk and paired with clear remediation guidance. This enables organisations to focus their efforts where it matters most, on the most critical vulnerabilities, resolving them rapidly.” Key features of IASM for Sophos Managed Risk include regular automated scanning to identify weaknesses affecting assets within the network and AI-powered prioritisation to determine which Scanning for vulnerabilities Sophos expands capabilities of Sophos Managed Risk service, following new research highlighting challenges businesses face in securing their internal and external attack surface CYBERSECURITY Chester Wisniewski
RkJQdWJsaXNoZXIy NDUxNDM=