Is ransomware losing its grip? According to Databarracks’ newly published Data Health Check 2025, organisations are turning the tide – opting to recover from backups instead of paying ransoms.
The annual survey of 500 IT decision-makers – released just days after the UK Government confirmed new ransomware rules – reveals a significant shift in how organisations respond to attacks. Just 17% of those hit by ransomware in the past year paid the ransom – down from 27% in 2024 and 44% in 2023. In contrast, 57% recovered from backups.
That means organisations are now more than three times more likely to recover from backups than pay the ransom. Better backup practices are a factor in this, with 72% of organisations now having air-gapped backups, and 59% have immutable backups.
The report shows more organisations are also formalising their stance: 24% now have a policy never to pay a ransom – double the figure from 2023.
This shift comes as the UK Government confirms its new ransomware policy, which includes a ban on ransom payments by public sector bodies and Critical National Infrastructure operators, plus mandatory reporting and pre-payment notification for the private sector.
James Watts, Managing Director at Databarracks, commented: “The government’s new stance is bold – but the data shows the direction of travel was already clear. In some sense, the policy is a formalisation of where UK businesses were already headed. Paying the ransom used to feel like the only option. Now, the best-prepared organisations are recovering faster, more reliably, and without funding criminals. Air-gapped and immutable backups are giving organisations the confidence to say no – and back it up.”
The Data Health Check 2025 also shows that improving backup processes is now the top IT resilience priority for UK organisations – ahead of both continuity planning and recovery testing.
“Recovery isn’t a last resort – it’s a strategy,” added Watts. “The organisations that plan and rehearse their recoveries are the ones that come through an attack strongest. That’s how you beat ransomware – not by paying, but by preparing to recover.”
