According to Veeam’s 2025 Ransomware Trends Report, Majority of Organisations Still Lack Data Resilience and Crisis Recovery Plans.
Ransomware attacks continue to evolve, and while fewer organisations in the EMEA region are paying ransoms, the majority remain dangerously underprepared to recover from a large-scale cyberattack. According to Veeam’s 2025 Ransomware Trends Report, ransomware payments in EMEA dropped by 22% year-on-year, signaling a positive shift toward stronger data protection and cybersecurity resilience. However, the study revealed that 63% of organisations still lack alternative infrastructure plans, leaving them unable to fully recover from a site-wide ransomware crisis.
The findings show that paying ransoms is becoming less effective as a recovery method. In 2023, 54% of organisations that paid were able to recover their data — but that number plunged to just 32% in 2024. Meanwhile, those recovering data without paying increased from 14% to 30%, showing growing confidence in backup and recovery solutions. Yet, Veeam warns that attackers are changing tactics, with some skipping encryption entirely to steal or sell sensitive data.
“Payments may drop, but it doesn’t mean attacks will,” said Tim Pfaelzer, Senior Vice President and General Manager EMEA at Veeam, highlighting that disruption and data theft are becoming key motivators for cybercriminals.
Despite EU cybersecurity regulations like NIS2 and DORA pushing organisations to strengthen data resilience, many still face severe gaps. Without alternative infrastructure and secure offsite backups, companies risk being offline for weeks after an attack — a downtime that could cost over £1 million per hour in losses.
“Organisations have rightly placed recovery at the core of their strategy,” Pfaelzer added. “But they must now go further — improving baseline data resilience, building robust disaster recovery systems, and eliminating any need to pay ransoms in the first place.”
As law enforcement operations such as the takedown of LockBit disrupt major ransomware groups, experts say this is a crucial moment for EMEA enterprises to strengthen cybersecurity frameworks and cloud backup solutions. The report concludes that while ransomware payments are falling, true resilience will only be achieved when organisations can fully recover operations without negotiation, payment, or prolonged downtime.
