Overconfident and underprepared – that’s the verdict from cybersecurity experts CrowdStrike. See the survey results here.
Over half of Australian and New Zealand healthcare organisations believe they are “very well prepared” for a cyber attack, but the reality is less than a quarter would be able to recover from such an attack within 24 hours.
That’s the verdict from US cybersecurity firm CrowdStrike which released its 2025 State of Ransomware Survey today.
CrowdStrike surveyed 1100 IT and cybersecurity decision-makers across Australia, France, Germany, India, Singapore, the UK and the US to ask how they assess their ransomware readiness and navigate the evolving ransomware landscape, including the emergence of AI-enhanced threats.
“Of the organisations surveyed, 78% reported experiencing a ransomware attack within the past year,” said CrowdStrike.
“Of those, half believed they were ‘very well prepared’ for ransomware, but fewer than a quarter recovered from an attack within 24 hours. Nearly 25% suffered significant disruption or data loss.”
Healthcare organisations were among the most deluded about their cyber confidence, the survey found, with 52% rating themselves very well prepared, while just 23% recovered within 24 hours, 40% suffered “significant downtime or disruption to business operations”, and 35% had data publicly released or stolen.
Australian and New Zealand organisations lagged behind everyone but Singapore, which was not only the most confident (58% very well prepared) but also the least able to recover in 24 hours (7%).
There was a stark difference between US and European organisations.
“In the United States, the largest survey base, 51% of respondents believed they were very well prepared for a ransomware attack, but only 17% of respondents recovered within 24 hours,” said CrowdStrike.
“European organisations show a different pattern: Though they were less likely to rate themselves as ‘very prepared’, they achieved faster recovery times overall.
“UK organisations led recovery performance, with 35% recovering within 24 hours, despite only 47% rating themselves as very prepared. Among German organisations, 25% achieved same-day recovery, with 42% rating themselves as very prepared, while 23% of French organisations were able to recover within 24 hours, with just 32% rating themselves as very prepared.”
Related
Phishing was cited by 45% of respondents as the initial point of compromise.
“Other frequently cited entry points include vulnerability exploits (40%), supply chain compromise (35%), compromised credentials (33%), malicious downloads (32%), misuse of remote monitoring and management (RMM) tools (31%), and insider threats (27%),” said CrowdStrike.
“Nearly one in three organisations (31%) that suffered a ransomware attack reported RMM tools as the attacker’s entry point, underscoring how often legitimate IT utilities are turned against their operators.
“CrowdStrike has also observed adversaries, including PUNK SPIDER and BLOCKADE SPIDER, using ransomware variants that remotely encrypt files over Windows Server Message Block (SMB) network shares from unmanaged systems, allowing them to encrypt remote targets without transferring the ransomware binary.”
Read the full report here.