SecurityBrief UK - Technology news for CISOs & cybersecurity decision-makers
United Kingdom

Guides

#
cloud security
#
cybersecurity
#
endpoint protection
#
firewalls
#
ransomware

Search

Laptop digital clouds data streams binary code cybersecurity threats illustration
#
Ransomware
#
Cloud Security
#
Phishing

UK firms confident on ransomware but face rising AI-driven risks

Wed, 29th Oct 2025
Author image
By Kaleah Salmon, Journalist

A new survey has found that while UK organisations express high confidence in their ability to recover from ransomware attacks, rising concerns about AI-powered threats and data governance highlight growing challenges in the cybersecurity landscape.

The OpenText Cybersecurity 2025 Global Ransomware Survey canvassed 420 security professionals and business leaders in the United Kingdom, revealing a strong sense of preparedness offset by new and evolving risks. The results indicate that although advances have been made in security postures, issues such as artificial intelligence (AI) and supply-chain vulnerabilities continue to expose gaps in defences.

AI complicates recovery

The survey found 96% of UK organisations feel confident about their ability to recover from a ransomware incident. Despite this, only 9% of respondents who suffered an attack reported full data recovery, suggesting that actual outcomes often fall short of expectations.

AI was identified as a significant concern, both as a tool for productivity and a factor that increases risk. While 90% of organisations allow employees to use generative AI (GenAI) tools, just over half (52%) have established a formal policy regarding AI usage. Half of respondents reported a rise in phishing or ransomware incidents due to AI, while 48% observed attempts at deepfake-style impersonations.

Key AI-related concerns among those surveyed included data privacy and leakage (30%), AI-enabled ransomware or phishing (26%), and the threat posed by deepfakes or impersonations (19%).

Muhi Majzoub, Executive Vice President, Security Products, OpenText, said:

"Organisations are right to be confident in their progress in security posture, but they can't afford to be complacent. AI fuels productivity while also heightening risk through insufficient governance and its expanding use in attacks. Managing information securely and intelligently is essential to building resilience in organisations of any size."

Supply-chain risks persist

Beyond the issues triggered by AI, traditional risks such as supply-chain and third-party vulnerabilities remain significant. The survey showed that 41% of UK companies experienced a ransomware attack in the past year. Of those, 62% were targeted more than once, with 45% reporting incidents originating with a software vendor or a managed service provider.

Ransom payments also varied, with 49% of victims paying. In terms of financial impact, 34% paid between USD $50,000 and USD $250,000, and 7% made payments between USD $1 million and USD $5 million. However, these costs did not guarantee recovery; only 9% fully regained their data, while 16% recovered less than a quarter.

The majority of organisations have adopted processes to mitigate these risks: 86% have a formal procedure for assessing the cybersecurity of software suppliers, and 89% have implemented vulnerability management and patching regimes.

Cybersecurity is a board priority

The sophistication of ransomware threats has altered the perception of cybersecurity in UK organisations. Rather than being seen as solely an IT concern, ransomware is now considered a top business risk by boards and executive teams.

According to the survey, 81% of UK respondents reported that their executive team recognises ransomware as one of the top three business risks. Additionally, 71% reported being questioned by customers or partners about their readiness to respond to ransomware in the past year.

Employee training and awareness are also receiving attention. Approximately 82% of organisations require regular security awareness or phishing training for their staff, while only 2.1% provide no such training. As they look ahead, 64% plan to increase investment in cloud security in 2026, 55% will focus more on backup technologies, and 60% intend to expand user training efforts.

Many organisations are also leveraging external support, with 70% outsourcing some or all cybersecurity responsibilities to managed service providers.

Impact on smaller businesses

The survey points to particular challenges for small and medium-sized businesses (SMBs), which often lag behind larger enterprises in formal AI policies and dedicated cybersecurity resources. The report highlights that the threat landscape is raising the stakes for organisations regardless of size.

Survey participants included representatives from a range of industries, with technology accounting for 76.7% of responses, followed by financial services (32.9%), manufacturing (21.4%), healthcare (14.3%), and government (11.9%).

The findings suggest that effective protection against ransomware now relies not only on robust internal defences, but also on collaboration with partners and technology providers to address vulnerabilities throughout the supply chain.

Follow us on:
Follow us on LinkedIn Follow us on X
Share on:
Share on LinkedIn Share on X
Related stories
Ping Identity launches platform to secure & manage AI agents
Gigamon unveils quantum-safe cryptography in GigaVUE update
Barracuda unveils AI assistant to boost security team efficiency
Fortinet reports strong Q3 revenue growth & SASE adoption surge
Apptio unveils FinOps tools to tackle soaring AI cloud costs

Top stories

EXOq research hub to boost Oxford region by GBP £1.4 billion
Hexaware boosts cybersecurity with strategic CyberSolve acquisition
Geneva launches first citywide quantum network for research & industry
Avanade unveils suite of Microsoft-powered tools for midmarket firms
Forrester predicts AI errors to cost B2B firms over USD $10 billion