A striking disconnect between organizational confidence and actual recovery capability defines the landscape of the OpenText Cybersecurity 2025 Global Ransomware Survey, which also spotlights the growing threat posed by Artificial Intelligence. The report reveals a false sense of security, with an overwhelming 95% of global respondents, C-level executives and security professionals among them, expressing confidence in their ability to recover from a ransomware attack. However, this optimism is sharply contradicted by real-world outcomes: only 15% of organizations that were actually attacked managed to fully recover their data, and a significant 2% recovered nothing at all. Two in five companies (40%) reported experiencing a ransomware attack in the past year, with nearly half of those being hit multiple times. Of the victims, 45% chose to pay the ransom, and 30% of those payments exceeded $250,000.
The core challenge is the rapid evolution of the threat landscape, driven largely by AI. While 88% of organizations permit employees to use Generative AI (GenAI) tools internally, less than half (48%) have a formal AI use policy in place, exposing critical governance gaps. This vulnerability is immediately evident, as 52% of respondents report an increase in phishing or ransomware attacks directly attributable to AI, and 44% have witnessed sophisticated deepfake-style impersonation attempts. Top concerns now include data leakage, AI-enabled attacks, and deepfakes.
Beyond AI, the survey emphasizes that unmanaged supply chain pathways remain a critical and often overlooked risk. A quarter of all attacks (25%) were found to originate from a software vendor, highlighting the distributed nature of modern threats. Despite this, there’s a positive trend as 78% of organizations now assess the cybersecurity practices of their software suppliers. Ransomware’s severity is also elevating it to a core strategic concern; 71% of respondents now view it as a top-three business risk for their executive team, pushing investments toward cloud security, backup technologies, and continuous user training in 2026. The findings underscore that in an environment where adversarial AI is accelerating, complacency is the biggest risk, and effective security now hinges on a collaborative defense strategy that addresses both internal governance and third-party risk.
