Cybercrime Report: 46% of Firms Pay Ransom

In a striking revelation, a newly released Cybercrime report highlights that nearly half of global organisations struck by ransomware last year chose to pay for the return of their data. For Nigerian firms, this trend is particularly alarming, as a notable proportion are among those caving to cybercriminal demands.

Rising tide of ransomware payments

The “State of Ransomware 2025” report by cybersecurity specialist Sophos reveals that around 46% of companies worldwide paid cybercriminals to regain access to their systems – the second-highest rate recorded in the past six years. This marks a critical shift: despite increased awareness and stronger security postures, organisations remain vulnerable to the high-stakes game of ransom payments.

Strikingly, while the median ransomware payment dropped by half—from $2 million in 2024 to $1 million in 2025—large firms still face astronomical demands. In contrast, smaller organisations continue to grapple with demands below $350,000. To cut losses, 53% of victims successfully negotiated lower settlements, either directly or with the help of expert incident responders.

The Nigerian connection

Although the Cybercrime report is global in scope, its findings resonate closely with Nigeria’s cybersecurity landscape. Last year, Sophos identified that 71% of Nigerian organisations were targeted by ransomware, and 44% of those affected paid ransoms to regain data access. Additionally, smaller firms and SMEs in Nigeria are under siege, reporting a 115% surge in cyber-attacks via malicious fake apps disguised as productivity tools or AI platforms.

Attack trends and root causes

More than ever, cybercriminals are exploiting unpatched systems. According to the report, 40% of intrusions stemmed from pre-existing vulnerabilities unknown to the victims. This reflects a fundamental weakness in network hygiene and risk management.

Missing cybersecurity skills compound the problem. A staggering 63% of victims cited a lack of talent—especially in larger companies—as a major barrier to prevention and response.

Glimmers of improvement

Despite the gloom, the Cybercrime report notes encouraging progress. In 2025, 44% of attacks were blocked before file encryption occurred—the highest success rate in six years. Additionally, fewer than half of ransomware incidents included data encryption, another six-year low.

Recovery times, too, are shortening: over 50% of firms restored operations within a week—compared to just 35% in 2024—and only 18% required more than a month, down from 34%. Notably, the average recovery cost declined from US $2.73 million in 2024 to about US $1.53 million in 2025.

Strategic lessons for resilience

The Cybercrime report puts emphasis on three pillars:

  1. Patch and prepare
    Rapidly identifying and closing vulnerabilities remains essential. Organisations that proactively patch systems significantly reduce the risk of ransomware incidents.
  2. Invest in expertise
    Bringing in skilled incident responders can not only contain breaches but also empower organisations to negotiate down extortion payments—delivering both technical and financial relief.
  3. Layered security strategy
    The report urges broad deployment of multi-factor authentication, continuous network monitoring, external incident-response support, and reliable data backups.

These measures align with earlier expert guidance: in 2022, the Nigerian Communications Commission and Deloitte highlighted that strong passwords, multi-factor authentication, and user education were critical in mitigating Cybercrime.

What this means for Nigerian organisations

Nigeria’s business landscape faces an especially acute threat from Cybercrime. The blend of rising ransomware activity, an influx of malware disguised as productivity and AI apps, and underinvestment in cybersecurity creates fertile ground for cybercriminals targeting both large enterprises and SMEs.

To reverse this trend, Nigerian firms must:

  • Allow only vetted software: Ban downloads of unverified tools and educate employees on the risks of fake AI and productivity apps.
  • Deploy a proactive patch policy: Regularly scan systems and promptly apply updates.
  • Staff the right IT talent: Prioritise hiring in-house cyber experts or partnering with reputable MSSPs (Managed Security Service Providers).
  • Practice incident readiness: Conduct ransomware drills, test backup reliability, and rehearse engagement with cybersecurity response teams and insurers.

Introducing a strategic baseline

For leaders, the Cybercrime report offers a clear call to action. It underlines that paying ransom is no longer the silver bullet—it may secure data in the short term, but it fuels criminal operations. Strategic investment in cyber preparedness yields faster recovery, lower cost, and greater confidence.

As the Cybercrime report makes clear, combining disciplined patching, education, skilled personnel, and layered defences is the most effective arsenal against ransomware and broader cyberattacks.
