The 2025 McGrathNicol Ransomware Report reveals a fundamental shift in how Australian businesses are approaching ransomware risk.
The survey included a sample of over 800 decision makers across Australian businesses with 50 or more employees. It was designed to reflect the current Australian business landscape, one dominated by small to medium-sized enterprises (SMEs). With 89% of organisations that have experienced an attack in the past 12 months falling within this category, the financial and operational burden on SMEs is substantial.
In positive news, the findings revealed some of the largest year-on-year changes in the study’s history: the average amount that businesses say they are willing to pay has declined significantly from $1.42 million in 2024 to $906,000 in 2025. This points to a change in payment attitudes, the effectiveness of governance and reporting changes, and a shift away from payment-dependent strategies. The change also coincides with 96% of organisations feeling prepared to respond to cyber attacks, up from 93%. Almost a third (32%) of respondents say their business was able to successfully defend against an attack, which signals maturing market approaches with greater emphasis on resilience.
The survey reveals three critical payment drivers: insurance coverage amounts continue to decline; regulatory and reputational pressure is increasing; and there is growing scepticism of ransom payments as the ‘default’ or most viable recovery option.

