Australian orgs the most targeted by ransomware in 2025

Australian organisations experienced the highest rate of ransomware attacks globally among 10 nations this year, research from Rubrik Zero Labs indicates.

A survey of organisations in the US and selected markets of Asia–Pacific and EMEA found that 35% of Australian organisations had experienced a ransomware attack in the 12 months to September.

One reason for the high rate of ransomware attacks targeting Australia could be the tendency of local organisations to pay their attacker. Of the Australian organisations that experienced a ransomware attack during the period, 95% reported paying a ransom to recover data and halt the attack. Despite this, not a single Australian organisation was able to recover and resume normal operations in less than an hour following an attack, with 23% taking more than 24 hours to recover.

More than three-quarters (78%) of Australian organisations believe it would take them more than 24 hours to recover full service operations following a ransomware attack, with 34% believing it would take at least a week to do so. But the report also found that 92% of Australian organisations are planning to hire professionals specifically to manage or improve digital identity management, with 98% of local security leaders reporting identity-driven attacks as their top concern.

Australian organisations are also increasingly responding to the threat with plans to shift towards cloud and SaaS-based services (88%) more than any other nation.

Rubrik VP for A/NZ David Rajkovic said the findings demonstrate the stark reality that ransomware remains one of Australia’s most persistent and costly cyberthreats.

“Traditional defences clearly aren’t enough. It is critical for Australian organisations to adopt a proactive security posture, one that prioritises rapid recovery, because paying ransoms only fuels the criminal ecosystem,” he said. “The report highlights a nation that understands the threats and is keen to forge ahead with innovation, but unfortunately our nation lacks investment into appropriate security controls.”

Another significant finding is that nearly all (99%) Australian organisations have integrated or plan to integrate AI models or AI agents into their identity infrastructure. Rubrik CTO Kavitha Mariappan said this could pose a concern due to the threat that AI agents, if compromised, could grant threat actors direct access to sensitive systems and data.

“AI agents are a force multiplier — the only question is whether that force is positive or negative,” she said. “When compromised and used maliciously, AI agents can cause 10 times the damage in one-tenth of the time. We’ve already seen the impact compromised human identities can have, and it’s clear agentic identities are the next frontier.”

The markets covered by the report were the US, Japan, Australia, Singapore, India, the UK, France, Germany, Italy and the Netherlands.

Image credit: iStock.com/Sashkinw