31% of organizations victimized by ransomware in the past 12 months have been hit multiple times as gangs exploit ineffective defenses and fragmented security. This is one of the findings in Barracuda Networks' new Ransomware Insights Report 2025. Furthermore, three-quarters (74%) of organizations that have been victimized multiple times say they struggle with too many security tools and 61% say their tools do not integrate with each other. This limits visibility and creates blind spots in defense. Of the Benelux organizations surveyed that were hit by ransomware and paid the ransom, four in 10 ultimately did not recover all of their data.
The report is based on the findings of an international survey conducted by Barracuda in partnership with Vanson Bourne, which gathered insights from 2,000 IT and security decision makers in North America, Europe (including Benelux) and Asia Pacific. The results show how ransomware remains a persistent and lucrative threat, exploiting the complexity of security environments and gaps in security measure coverage to launch multidimensional attacks for maximum disruption and financial gain.
59% of Benelux organizations surveyed were affected by ransomware in the past year. This is slightly higher than the global average of 57%. Globally, 67% of the healthcare organizations surveyed and 65% of the local governments surveyed were affected.
Ransomware attackers have a more than one-in-three chance of getting the ransom paid. Worldwide, nearly one-third (32%) of ransomware victims have paid the attackers to restore or recover data. Among organizations hit twice or more, this percentage rises to 37%. Of the Benelux organizations surveyed that were victims of ransomware, more than a third (37%) paid the ransom.
40% of Benelux victims who paid did not get all the data back. There could be several reasons for this. The decryption tools provided by the attackers after payment may not work, or the attackers may have shared only a partial key. Files may become corrupted during encryption or decryption, and sometimes the attackers simply do not send a decryption tool after the ransom is paid. A good and regularly updated backup provides proven protection against this risk.
Many victims of ransomware did not adequately secure essential parts of the IT environment. For example, less than half (47%) of global ransomware victims had implemented email security, compared to 59% of non-victims. This is important because email is a primary attack vector for ransomware: 71% of organizations that experienced an email breach were also affected by ransomware.
Ransomware attacks are multidimensional in nature. Only one-third (32%) of the ransomware incidents reported in the Benelux involved data encryption alone. A significant number of incidents involved theft (27%) and publication of data (24%) or infection with malicious software (32%). More than one in five (21%) reported that attackers installed backdoors to maintain persistent access.
The impact of a successful ransomware attack is growing, from reputational damage (experienced by 42% of Benelux organizations surveyed) to tangible consequences such as the loss of new business opportunities (27%) and pressure to pay through threats against partners, shareholders and customers (27%) and even employees (17%).
"These findings clearly show that ransomware is a growing threat and that fragmented security makes organizations enormously vulnerable," said Neal Bradbury, Chief Product Officer at Barracuda. "In many cases, attackers can move through their victims' networks, gaining access to systems, data and more, without being detected or stopped. Too many victims are using a cluttered number of separate security tools, often introduced with the best of intentions to bolster security. Tools that cannot work with each other or are not configured correctly create security vulnerabilities that lead to breaches. A unified security approach, focused on a strong integrated platform, is crucial."
The report concludes with a number of recommendations for steps organizations can take to protect against ransomware, such as ensuring regular backups and secure, offline storage of those backups; segmenting the network; and creating and regularly practicing an incident response plan.
Barracuda commissioned independent market research firm Vanson Bourne to conduct a global survey of 2,000 senior IT and security decision makers. Respondents worked in organizations with 50 to 2,000 employees, across various industries in the U.S., UK, France, DACH (Germany, Austria, Switzerland), Benelux (Belgium, Netherlands, Luxembourg), the Nordics (Denmark, Finland, Norway, Sweden), Australia, India and Japan. The survey was conducted in April and May 2025.
The full Ransomware Insights Report 2025 is available for download here: https://www.barracuda.com/reports/the-ransomware-insights-report-2025.