The 2025 McGrathNicol ransomware survey reveals that 69% of Australian SMEs (50+ employees) experienced ransomware attacks in the past five years, with 89% of recent victims being small or medium-sized businesses. These attacks disrupted operations, strained supply chains (with over half of breached firms reporting *severe or significant impacts*), and exposed vulnerabilities due to lack of dedicated cybersecurity teams. While ransom payments declined (64% paid in 2025 vs. 84% in 2024), one in five victims faced repeat attacks regardless of payment, highlighting persistent threats. Financial losses included average ransom payments of $711,000 (down from $1.35M in 2024), alongside reputational damage and regulatory scrutiny. The attacks exploited SMEs as *‘soft targets’*, with no guarantee of data recovery even after payment, compounding operational and financial instability. Many SMEs lacked incident response plans, exacerbating recovery challenges.
Source: https://australiancybersecuritymagazine.com.au/average-ransomware-payment-almost-halves/
TPRM report: https://www.rankiteo.com/company/mcgrathnicol
"id": "mcg3762037111725",
"linkid": "mcgrathnicol",
"type": "Ransomware",
"date": "6/2024",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization’s existence"
```json
{
  "affected_entities": [
    {
      "industry": "multiple (cross-sector)",
      "location": "Australia",
      "name": "Australian SMEs (Small and Medium Enterprises)",
      "size": "50+ employees (survey threshold); majority <$10M annual revenue",
      "type": ["private companies", "public sector (indirectly via supply chain)"]
    },
    {
      "industry": "multiple (cross-sector)",
      "location": "Australia",
      "name": "Australian Large Enterprises",
      "size": "$10M+ annual revenue",
      "type": ["private companies", "publicly listed companies"]
    }
  ],
  "data_breach": {
    "data_encryption": ["ransomware encryption (implied by attack type)"]
  },
  "date_publicly_disclosed": "2025-11-13",
  "description": "McGrathNicol’s 2025 ransomware survey, conducted with YouGov, reveals a continued decline in ransom payments by Australian organizations, even as attack volumes remain high. The report, based on responses from over 800 decision-makers in companies with 50+ employees, found that 69% of business leaders experienced a ransomware incident in the past five years, with SMEs disproportionately affected. While 64% of victims paid ransoms in 2025 (down from 84% in 2024), the average payment halved to $711,000 from $1.35 million in 2024. Factors contributing to this trend include reduced insurance coverage, regulatory scrutiny, reputational risks, and improved incident response preparedness. SMEs remain primary targets due to limited cybersecurity resources, with 89% of attacks in the past 12 months targeting small or medium-sized businesses. The report also highlights strong support for Australia’s new mandatory ransomware reporting requirements under the Cyber Security Act 2024, with 71% of business leaders advocating for compulsory reporting to enhance collective resilience.",
  "impact": {
    "brand_reputation_impact": [
      "increased reputational risk cited as factor in declining ransom payments",
      "SMEs vulnerable due to lack of dedicated cyber teams"
    ],
    "financial_loss": {
      "average_ransom_payment_2024": "$1.35 million AUD",
      "average_ransom_payment_2025": "$711,000 AUD",
      "supply_chain_disruptions": "severe or significant (reported by >50% of breached organizations)",
      "willingness_to_pay_2024": "$1.42 million AUD",
      "willingness_to_pay_2025": "$906,000 AUD"
    },
    "operational_impact": [
      "supply chain disruptions (severe/significant for >50% of breached orgs)",
      "multiple incidents (1 in 5 orgs reported repeat attacks)"
    ]
  },
  "initial_access_broker": {
    "high_value_targets": [
      "SMEs (due to lack of dedicated cyber teams)",
      "supply chains (indirect impact on larger orgs)"
    ]
  },
  "investigation_status": "completed (survey-based analysis)",
  "lessons_learned": [
    "Ransom payments do not guarantee data recovery or prevent future attacks (1 in 5 orgs experienced multiple incidents regardless of payment).",
    "SMEs are disproportionately targeted due to limited cybersecurity resources, making them 'soft targets'.",
    "Improved incident response planning and board-level engagement contribute to declining ransom payments.",
    "Mandatory reporting (e.g., Cyber Security Act 2024) enhances collective resilience through information sharing.",
    "Complacency remains a risk even among larger, better-prepared organizations."
  ],
  "motivation": ["financial gain", "exploitation of vulnerable targets (SMEs)"],
  "post_incident_analysis": {
    "corrective_actions": [
      "Increased investment in incident response planning and board-level engagement.",
      "Adoption of mandatory reporting (Cyber Security Act 2024) to improve visibility.",
      "Collaboration with consultants (e.g., McGrathNicol) and government for threat intelligence.",
      "Shift away from ransom payments as an acceptable recovery strategy."
    ],
    "root_causes": [
      "Lack of dedicated cybersecurity resources in SMEs.",
      "Perception of SMEs as 'soft targets' by cybercriminals.",
      "Over-reliance on ransom payments as a recovery strategy (historically).",
      "Supply chain vulnerabilities (impacted >50% of breached orgs)."
    ]
  },
  "ransomware": {
    "data_encryption": true,
    "ransom_paid": {
      "average_payment_2024": "$1.35 million AUD",
      "average_payment_2025": "$711,000 AUD",
      "percentage_paid_2024": "84%",
      "percentage_paid_2025": "64%"
    }
  },
  "recommendations": [
    "Invest in prevention, threat detection, and incident response capabilities.",
    "Avoid complacency, especially among larger organizations ($10M+ revenue).",
    "Leverage mandatory reporting requirements to improve threat intelligence sharing.",
    "SMEs should prioritize cybersecurity resources, including partnerships with consultants (e.g., McGrathNicol) and government programs.",
    "Reevaluate ransom payment strategies, considering regulatory, reputational, and operational risks."
  ],
  "references": [
    {"date_accessed": "2025-11-13", "source": "McGrathNicol 2025 Ransomware Survey Report"},
    {"date_accessed": "2025-11-13", "source": "McGrathNicol Press Release (via article)"}
  ],
  "regulatory_compliance": {
    "regulatory_notifications": [
      "Cyber Security Act 2024 (mandatory ransomware reporting, effective May 2024)",
      "71% of business leaders support compulsory reporting"
    ]
  },
  "response": {
    "communication_strategy": [
      "public report release (13 Nov 2025)",
      "media commentary by Darren Hopkins (Head of Cyber, McGrathNicol)"
    ],
    "incident_response_plan_activated": "improved preparedness cited as factor in declining ransom payments (including board-level engagement)",
    "third_party_assistance": [
      "McGrathNicol (cybersecurity consulting)",
      "YouGov (survey partner)",
      "industry partners",
      "government (threat intelligence sharing)"
    ]
  },
  "stakeholder_advisories": [
    "Urged executives not to become complacent despite higher preparedness in larger organizations.",
    "Emphasized the importance of threat intelligence sharing with industry partners and government.",
    "Highlighted the need for SMEs to address resource gaps in cybersecurity."
  ],
  "title": "Decline in Ransomware Payments Among Australian Organizations Despite High Attack Volumes (2025 McGrathNicol Report)",
  "type": ["ransomware", "survey/statistical analysis"]
}
```