CrowdStrike’s 2025 State of Ransomware Survey has highlighted a concerning trend of overconfidence among Asia Pacific (APAC) organisations regarding their ransomware preparedness. The survey, which included senior IT and cybersecurity leaders from Singapore, India, Australia, and New Zealand, found that 78% of organisations globally experienced a ransomware attack in the past year. Despite this, half of those affected believed they were “very well prepared” before the attack.
The survey revealed that APAC organisations, particularly in Singapore, Australia, and New Zealand, were less likely to recover quickly from ransomware attacks. Only 7% of Singaporean organisations managed to recover within 24 hours, despite 92% expressing confidence in their ability to do so. This was significantly lower than the UK, where 35% of organisations achieved same-day recovery.
The report also highlighted the increasing sophistication of cyber adversaries, with 53% of attacks on Singaporean organisations involving lateral movement to access additional systems. This was the highest rate among surveyed markets, indicating a need for improved cybersecurity measures.
Additionally, the survey found that paying a ransom often leads to repeat attacks, with 83% of organisations that paid a ransom being attacked again. Furthermore, 93% reported data theft despite paying.
The findings underscore the urgent need for organisations to reassess their cybersecurity strategies, particularly in light of AI-enhanced threats. As Elia Zaitsev, CrowdStrike’s chief technology officer, stated, “Legacy defences can’t match the speed or sophistication of AI-driven attacks.” The report calls for better communication between security teams and leadership to close the perception gap and enhance ransomware readiness.
