Indian SMEs Remain Alarmingly Exposed to Ransomware Threats: Sophos Report 2025

As India’s digital economy accelerates, a new report by Sophos raises a critical concern: millions of Indian SMEs remain perilously underprepared for ransomware attacks. While some progress has been made, vulnerabilities persist — especially among smaller enterprises — according to the State of Ransomware 2025 report, based on responses from 378 Indian organisations hit by ransomware over the past year.

SMEs: Still in the Crosshairs

Speaking at the press conference in New Delhi, Sunil Sharma, Vice President – Sales, India & SAARC at Sophos, emphasised the vast gap in cybersecurity readiness across the SME sector:

“If more than 50 million SMEs are working in the country, maybe one million are aware of cybersecurity and taking measures... What about the rest? Yes, awareness is increasing compared to two years ago, but there's still significant room for growth."

When asked whether SMEs are still soft targets, Sharma remarked:

“Ransomware does not discriminate. It treats everyone equally. Wherever it smells money, it attacks. Compared to larger organisations, SMEs remain more exposed simply because their investment in cybersecurity is very minimal.”

Encouraging Progress Amid Persistent Gaps

Despite lingering vulnerabilities, the report does point to signs of progress. The median ransom demand in India has dropped by 52 percent, settling at $961,289. Meanwhile, the median ransom payment has seen a staggering 79 percent fall, reaching $481,636. Furthermore, only 53 percent of organizations paid the ransom to recover their data—an improvement from last year’s 65 percent—indicating that more firms are now relying on backups and better preparedness.

“The positive shift we’re beginning to see is that more Indian organizations now understand the value of preparedness,” Sharma noted.
“The focus is moving from reacting to incidents to building long-term cyber resilience, and that’s a change worth encouraging.”

Top Technical and Operational Weaknesses

The report identifies exploited vulnerabilities as the most common technical entry point for ransomware attacks, accounting for 29 percent of cases. This is followed by attacks launched through compromised credentials at 22 percent, and malicious emails at 21 percent.

On the operational side, 41 percent of organizations pointed to either a shortage of skilled personnel or inadequate protection measures as key reasons for falling victim to ransomware. Additionally, 39 percent admitted that their organizations lacked the necessary cybersecurity tools and services to defend themselves effectively.

The Financial and Emotional Toll

Even when companies avoid paying the ransom, the cost of recovering from an attack remains steep. Indian organizations spent an average of $1.01 million to fully recover from ransomware incidents—excluding any ransom payments. These costs encompass downtime, manpower, network and device recovery, and lost business opportunities.

Internally, the toll on cybersecurity teams has been significant. About 46 percent of professionals reported increased anxiety or stress due to potential future attacks. Meanwhile, 42 percent felt growing pressure from senior leadership, and 30 percent confessed to feelings of guilt over not being able to prevent the incident.

Which Sector Was Hit Hardest?

According to Sharma, the Banking, Financial Services, and Insurance (BFSI) sector experienced the highest frequency of ransomware attacks over the past year. However, he emphasized that as threat actors evolve their tactics, no industry remains truly safe.

Cybersecurity Recommendations to Safeguard from Cyberattck

To counter the Cyberattack of ransomware, Sophos urges Indian organizations to focus on eliminating both technical vulnerabilities and internal capacity gaps. Businesses should ensure that all endpoints, including servers, are fortified with robust anti-ransomware protection. Sophos also recommends having an updated incident response plan that is regularly tested, along with strong, retrievable backups.

The company stresses the importance of real-time threat monitoring. Organizations that lack internal resources should consider partnering with a managed detection and response (MDR) provider to maintain 24/7 surveillance and rapid incident handling.

Final Takeaway

While the 2025 report paints a mixed picture, it also reflects early signs of improvement — falling ransom payments, increased reliance on backups, and a shifting mindset toward prevention over reaction.

Still, for Indian SMEs, the journey is far from over. Cybersecurity awareness, investment, and cultural transformation remain urgent needs as threats continue to evolve.

As the report concludes, “The best ransomware attack is the one that didn’t happen.”