cxo voice
  • Business
  • Technology
    • Artificial Intelligence
    • Cloud
    • Telecom
    • Data Center
    • BPM
    • Blockchain
  • Finance
    • Banking
  • CXO Insights
  • Cyber Security
  • CXO Interviews
No Result
View All Result
  • Business
  • Technology
    • Artificial Intelligence
    • Cloud
    • Telecom
    • Data Center
    • BPM
    • Blockchain
  • Finance
    • Banking
  • CXO Insights
  • Cyber Security
  • CXO Interviews
No Result
View All Result
Leaders Talk and Latest Tech News | CXO VOICE
No Result
View All Result
Home Cyber Security

58% of retailers hit by ransomware paid the ransom: Report

Arshi Khan by Arshi Khan
November 4, 2025
ransomware retailers

A industry report focused on retail ransomware shows that 58% of retail organisations whose data was encrypted paid the ransom to recover their data, a sharp rise from prior years and well above the cross-sector average. Sophos released its fifth annual Sophos State of Ransomware in Retail report, a vendor-agnostic survey of IT and cybersecurity leaders across 16 countries. This year’s report reveals that nearly half (46%) of retail ransomware incidents were traced to an unknown security gap, underscoring ongoing visibility challenges across the retail attack surface.

In the past year, Sophos X-Ops observed almost 90 different threat groups attack one or more retailers with ransomware or extortion. The most active groups were Akira, Cl0p, Qilin, PLAY, and Lynx. After ransomware, the second most common type of attack was account compromise. Like many other industries, retailers are also often targeted by business email compromise (BEC) groups. These groups try to trick companies into sending money to the wrong accounts.

“Retailers all over the world are facing more complicated threats. Cyber Attackers are always looking for weaknesses, especially in systems connected to the internet. Ransom demands are rising. The good news is that many retailers are starting to understand this and are investing in better cyber defences to stop attacks early and recover more quickly,” says Chester Wisniewski, director, global field CISO at Sophos.

Limited in-house expertise was the second-most common operational driver of compromise (45%), followed by insufficient protection (44%). If retailers lack the right skills and protections, it is hard for them to detect and stop cyber attacks.

The average ransom payment in retail increased by 5% ($1 million in 2025, up from $950,000 in 2024). However, the average payment is only half of what criminals initially ask for. This shows that retailers are more likely to resist high demands and may be getting expert help to handle ransomware attacks.

According to the State of Ransomware in Retail report 2025

Data encryption is becoming less common, but criminals are changing their tactics. The number of retailers hit by extortion-only attacks has tripled, from 2% in 2023 to 6% in 2025.

Backup rates are falling; 62% of retailers who experienced attacks restored their data using backups, the lowest rate in four years.

Retailers are pushing back against ransom demands. Only 29% paid the full amount asked at first. 59% paid less than the first request, and 11% paid more.

Recovery costs are going down. The average cost to recover from a ransomware attack (not including the ransom payment) dropped by 40% in the last year to $1.65 million, the lowest in three years.

Ransomware attacks had a big effect on teams. Almost half (47%) of retail IT and cybersecurity teams felt more pressure after experiencing data encryption, and in 26% of cases, leaders were replaced because of attacks.

Marks & Spencer (M&S) (Ransomeare reported in 2025): a ransomware incident disrupted online operations and store support systems, with analysts estimating tens of millions in short-term profit impact and negative market reaction; M&S reportedly chose not to pay and pursued system rebuild, illustrating the tradeoff between paying vs rebuilding (and the possible long recovery cost of refusal).

Also Read: Top 10 agentic AI threats, and how to defend against them

Arshi Khan

Arshi Khan

A research-focused journalist covering enterprise technology, AI, and cybersecurity. Reporting combines market data, expert interviews, and on-ground industry inputs to produce accurate, context-driven stories for business decision-makers. She can be reached at [email protected]

Related Posts

cloudflare Precursor
Cyber Security

Cloudflare Introduces Precursor, One-Click Bot Defense That Monitors User Behavior Instead of CAPTCHA Challenges

July 14, 2026
Tech Mahindra and CloudSEK
Cyber Security

Tech Mahindra, CloudSEK Partner to Deliver Predictive, Regulation-Ready Cybersecurity

July 14, 2026
Tata data breach
Cyber Security

Tata Data Breach  Leaks Unreleased Apple Product Details

June 30, 2026
IBM Red Hat and Palo Alto
Cyber Security

IBM, Red Hat, Palo Alto Networks Expand Project Lightwell for AI-Driven Vulnerability Protection

June 25, 2026
Wipro MDR
Cyber Security

Wipro Expands Palo Alto Networks Alliance to Launch AI-Powered Cyber Defense Services

June 24, 2026
public Wi-Fi
Cyber Security

The Hidden Dangers of Public Wi-Fi: Why Convenience Should Never Replace Caution

June 23, 2026
Wi-Fi Security
Cyber Security

Connected Everywhere, Vulnerable Anywhere: The Security Side of Wi-Fi

June 23, 2026
N-able Bengaluru
Cyber Security

N-able Opens New Global Capability Centre in Bengaluru

June 17, 2026
Load More

More Articles

GeForce NOW Officially Launches in India With Subscription Plans Starting at ₹999

GeForce NOW Officially Launches in India With Subscription Plans Starting at ₹999

by Deepa Sharma
July 15, 2026

cloudflare Precursor

Cloudflare Introduces Precursor, One-Click Bot Defense That Monitors User Behavior Instead of CAPTCHA Challenges

by Deepa Sharma
July 14, 2026

Intel Ireland

Intel to Invest €5 Billion in Ireland to Boost AI Chip Production and R&D

by Deepa Sharma
July 14, 2026

Tech Mahindra and CloudSEK

Tech Mahindra, CloudSEK Partner to Deliver Predictive, Regulation-Ready Cybersecurity

by Deepa Sharma
July 14, 2026

Get Weekly CXO Intelligence.

Loading

CXO Insights

public Wi-Fi
Cyber Security

The Hidden Dangers of Public Wi-Fi: Why Convenience Should Never Replace Caution

by Atul Luthra
June 23, 2026
Wi-Fi Security
Cyber Security

Connected Everywhere, Vulnerable Anywhere: The Security Side of Wi-Fi

by Govind Rammurthy
June 23, 2026
Shadow AI
Artificial Intelligence

Shadow AI: The Invisible Threat Growing Inside Modern Enterprises

by Manpreet Singh
June 5, 2026
traceability in Manufacturing
Opinion

From Barcode to Intelligence: How Traceability Is Redefining Manufacturing in India

by S R Srinivasan
May 29, 2026

CXO Interviews

AI Skills
Artificial Intelligence

How AI is transforming skills, education, and workforce development in the future of work

>
1Point1
Business

How 1Point1 Solutions Is Betting Its Future on AI to Redefine BPM

>
NewgenONE
Business

Reimagining Enterprise Transformation: Varun Goswami on the Future of NewgenONE and AI-Driven Automation

>
Jagat Shah, Chairman & CEO of MITSUMI Group
Business

Leadership in Emerging Markets: Exclusive Interview with Jagat Shah, Chairman & CEO of MITSUMI Distribution

>

CXOVoice.com is a leading online publication for CXOs, entrepreneurs, senior leaders, developers, and industry professionals. We publish informed analysis, news reporting, expert commentary, and expert insights across enterprise technology, digital transformation, cybersecurity, data, AI, sustainability, and governance.

Connect with us

Easy Links

  • Cryptocurrency
  • Company Announcements
  • Event
  • Blockchain
  • Resources & Downloads
Loading
  • Home
  • About Us
  • Contact Us
  • Advertise
  • Privacy & Policy
  • Editorial Policy
  • Feedback

Copyright © 2026 CXOVoice - All Rights Reserved

Welcome Back!

Login to your account below

Forgotten Password?

Retrieve your password

Please enter your username or email address to reset your password.

Log In

Add New Playlist

No Result
View All Result
  • Home
  • Business
  • Opinion
  • Interview
  • Technology
  • Cyber Security
  • Artificial Intelligence
  • How To
  • Data Center

Copyright © 2026 CXOVoice - All Rights Reserved