The vast majority of Australian organisations are still capitulating to ransomware demands, with new research showing 91% of local security leaders paid attackers in the past year despite repeated warnings from law enforcement agencies.

The findings, released in Rubrik Zero Labs' "State of Data Security in 2025" report, are based on insights from over 1,600 IT and security leaders across 10 countries, and found that 92% of Australian organisations experienced a cyberattack in 2024.

One of the most notable findings in this year’s report was that 92 per cent of local organisations experienced a cyberattack last year. In a typical ransomware attack, the victim would be able to restart their operations by recovering data from their backup systems. However, Rubrik’s research found these systems were routinely being compromised during an attack to disrupt recovery attempts.

Of the Australian IT and security leaders that experienced a ransomware attack, 78 per cent said the threat actors were able to at least partially harm backup and recovery options – more than a third (35 per cent) said the attackers were completely successful in doing so.

"Paying an attacker supports the cybercrime business model, encourages further attacks and continues the cycle," said David Rajkovic, Vice President of Rubrik A/NZ. "Unfortunately, we're seeing Australian organisations lulled into a false sense of security from the attack prevention focused security measures they've implemented and being completely unprepared once those defences have been thwarted."

The research highlights how Australia's rapidly expanding digital footprint is creating new vulnerabilities. Almost all Australian respondents (98%) reported using between two and five cloud and Software-as-a-Service (SaaS) platforms for data storage and applications, with more than two-thirds planning to increase their cloud usage over the next year.

This proliferation of platforms is creating an increasingly complex security landscape. Australian organisations identified securing sensitive data across multiple environments (38%), data compliance and privacy concerns (34%), and lack of centralised management (34%) as their primary challenges.

The threat landscape has also fundamentally shifted, according to Rajkovic. "Attackers are no longer breaking in, they're logging in," he explained. "They are increasingly stealing credentials to compromise their victims' cloud and SaaS platforms."

This evolution in attack methods is driving calls for organisations to adopt what security experts term an "assumed breach mindset" – accepting that prevention measures will eventually fail and focusing equally on robust recovery strategies.

The report's methodology included analysis of 5.8 billion files across cloud and SaaS environments, with over 175 million sensitive files classified across customer environments, covering the period from January 1 through December 31, 2024.

As Australia continues its digital transformation, the research underscores the urgent need for organisations to rethink their approach to cybersecurity – moving beyond prevention-only strategies to embrace comprehensive cyber resilience frameworks that can withstand and recover from sophisticated attacks.

View the full report here.