Despite a drop in overall ransom demands, Indian companies are still paying a median of over ₹4 crore (USD 481,636) to cybercriminals to regain access to their data, according to the latest State of Ransomware 2025 report from UK-based cybersecurity firm Sophos. The report paints a worrying picture of the financial toll cyber attacks continue to exact on Indian businesses. Even though the median ransom demand fell by 52%—from $2 million last year to around $961,000—companies are spending an average of over ₹8 crore (USD 1.01 million) on recovery costs per attack.

Many Still Paying Up Despite Falling Demands

More than half (53%) of Indian organisations surveyed admitted to paying a ransom to recover their data. That's lower than last year's 65%, but it still shows how frequently companies are forced to negotiate with attackers.

Interestingly, the outcomes of these negotiations varied widely:

Nearly half paid the full amount.

12% actually ended up paying more than what was first demanded.

How Attackers Are Breaking In

The Sophos report, which surveyed around 3,400 IT and cybersecurity leaders globally—including 378 in India who faced ransomware in the past year—highlighted how these attacks typically happen.

The most common technical root causes were:

Exploited vulnerabilities (29%)

Compromised credentials (22%)

Malicious emails (21%)

On the organisational side, 41% of companies blamed staffing shortages or inadequate capacity for their vulnerability, while 39% admitted they lacked the necessary cybersecurity products or services.

High Demands Still Common

Even though the overall ransom demand has fallen, 49% of Indian companies reported demands of USD 1 million or more—down from 62% last year but still alarmingly high.

About 31% of Indian organisations said their data was stolen during attacks involving encryption—a slight improvement from 34% the previous year but still a major risk.