zephyr_p - stock.adobe.com
Channel still key to plugging security expertise gaps
Analyses of the state of ransomware by Sophos and from the NCC Group underlines the continuing need for partners to aid customers
The revelation from Sophos that almost half of UK firms lack the expertise to deal with a cyber attack should confirm the need for the channel to step in and cover those gaps.
The security vendor shared the findings of its State of ransomware 2025 report, with the headlines being generated by the 42% of UK business that lack the ability to fend off attacks and the 54% that admitted they are paying ransoms as a result of being targeted.
Many ransomware attacks were a result of unknown security gaps attackers discover and exploit before businesses can block them off.
Sophos found that although the rate of paying ransoms was at the highest level for six years, many firms did not reward the criminals with the full amount they were asking for. The median ransom demand dropped by a third between 2024 and 2025, and the payments also decreased by 50%, which indicated more firms were being successful in fending off threats.
The average cost for UK organisations to recover from a ransomware attack was calculated to be $2.58m, which was an increase from the $2.07m seen in 2024.
The channel has been warning customers against the evils of ransomware, and that message appears to have got through to an increasing number who recognise it’s just a reality of trading. “For many organisations, the chance of being compromised by ransomware actors is just a part of doing business in 2025,” said Chester Wisniewski, director and field chief information security officer at Sophos. “The good news is that, thanks to this increased awareness, many companies are arming themselves with resources to limit damage. This includes hiring incident responders who can not only lower ransom payments, but also speed up recovery and even stop attacks in progress.
“Of course, ransomware can still be ‘cured’ by tackling the root causes of attacks: exploited vulnerabilities, lack of visibility into the attack surface and too few resources,” he added. “We’re seeing more companies recognise they need help and moving to managed detection and response (MDR) services for defence. MDR, coupled with proactive security strategies such as multi-factor authentication and patching, can go a long way in preventing ransomware from the start.”
Faster recovery
The research also revealed UK firms were getting faster at recovering from a ransomware attack, with 59% fully back on their feet within a week.
Given its 100% commitment to the channel, the Sophos results clearly spell an opportunity for the firm’s partners.
The report highlighted that UK businesses reported that a lack of expertise was the most common root cause to explain their vulnerability to ransomware attack. Unknown security gaps were the second issue users were grappling with.
At the same time, NCC Group shared its latest monthly ransomware insights, covering May, indicating that the volume of attacks had dropped for the third consecutive month.
The fall in global attacks by 6% was a welcome sign that defences were having a positive impact, but there were warnings that threats were continuing to emerge.
“Although reported ransomware incidents declined in March, April and May, cyber security efforts must be strengthened, not scaled back,” said Matt Hull, global head of threat intelligence at NCC Group. “Seasonal fluctuations, with summer approaching, may partly explain the dip. However, the rise of new threat actors like Safepay and the emergence of critical vulnerabilities in AI highlight the ongoing volatility of the ransomware landscape.
“This underscores the need for sustained cyber investment across both industry sectors and national defence,” he said. “The focus on the UK’s retail sector has shone a light on why cyber security is integral to business resilience.”
