Over half of Indian enterprises surveyed by OpenText faced **ransomware attacks** in the past year, with **71% reporting AI-driven phishing or deepfake attempts**, marking India as a highly targeted region. **70% of affected organizations paid ransoms** to regain data access—one of the highest global rates—yet only **12% fully recovered encrypted/stolen data**, exposing a critical gap between perceived resilience and actual recovery capabilities. Attacks increasingly exploited **third-party vendors or supply chains**, with **63% of organizations impacted by breaches via managed service providers**. Despite proactive measures like **cloud security (68%), network protection (60%), and backup technologies (58%)**, heavy reliance on external ecosystems amplified cascading risks. The financial and operational strain was compounded by **AI-enabled threats (deepfakes, voice/video spoofing)**, with **95% of firms allowing generative AI tools** but only **50% having formal AI governance policies**. Ransomware is now a **board-level priority (84% of execs rank it a top-3 risk)**, yet recovery tests (76% conduct multi-annual drills) and employee training (80% participation) have not prevented persistent data loss and operational disruption.
TPRM report: https://www.rankiteo.com/company/opentext
"id": "ope0062100110625",
"linkid": "opentext",
"type": "Ransomware",
"date": "11/2025",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization’s existence"{'affected_entities': [{'industry': ['technology',
'financial services',
'manufacturing',
'others (unspecified)'],
'location': 'India',
'name': 'Indian Enterprises (Survey Respondents)',
'type': ['private sector',
'public sector (if applicable)']}],
'attack_vector': ['AI-driven phishing',
'deepfake (voice/video spoofing)',
'third-party service providers',
'software supply chain'],
'data_breach': {'data_encryption': True,
'data_exfiltration': True,
'personally_identifiable_information': True,
'sensitivity_of_data': 'high (includes potential PII and '
'corporate secrets)',
'type_of_data_compromised': ['personally identifiable '
'information (likely)',
'corporate data',
'financial data (possible)']},
'description': "OpenText's fourth annual Global Ransomware Survey reveals "
'that over 50% of Indian enterprises faced ransomware attacks '
'in the past year, with 71% reporting a surge in AI-driven '
'phishing or deepfake attempts. Nearly 70% of affected '
'organizations paid ransoms, yet only 12% fully recovered '
'encrypted or stolen data. The report highlights gaps in AI '
'governance, third-party risks, and the escalating complexity '
'of attacks, including supply chain breaches. Indian '
'organizations are prioritizing cloud security, network '
'protection, and backup technologies for 2026, with 84% of '
'executive teams now treating ransomware as a top-three '
'business risk.',
'impact': {'brand_reputation_impact': True,
'data_compromised': True,
'downtime': True,
'identity_theft_risk': True,
'operational_impact': True,
'systems_affected': True},
'initial_access_broker': {'entry_point': ['third-party service providers',
'software supply chain',
'AI-driven phishing/deepfake '
'attacks'],
'high_value_targets': ['corporate data',
'financial systems',
'customer PII']},
'investigation_status': 'Survey-based findings (no specific incident '
'investigation detailed)',
'lessons_learned': ['AI adoption outpaces governance: 95% allow generative AI '
'tools, but only ~50% have formal AI-use/data privacy '
'policies.',
'Third-party risks are critical: 66% of organizations '
'impacted by vendor/managed services breaches in the past '
'year.',
'Recovery confidence is misplaced: 98.6% express '
'confidence in recovery, but only 12% fully recover data '
'post-attack.',
'Board-level engagement is rising: 84% of Indian '
'executives now rank ransomware as a top-three business '
'risk (vs. 71% globally).',
'Collaboration is key: Effectiveness depends on shared '
'responsibility across organizations, partners, and '
'technology providers.'],
'motivation': ['financial gain (ransom payments)',
'data theft',
'disruption of operations'],
'post_incident_analysis': {'corrective_actions': ['Accelerate implementation '
'of AI governance '
'frameworks and data '
'privacy policies.',
'Enhance third-party risk '
'management programs, '
'including continuous '
'monitoring of suppliers.',
'Increase frequency and '
'rigor of ransomware '
'recovery simulations.',
'Invest in advanced threat '
'detection for AI-driven '
'attacks (e.g., deepfake '
'identification tools).',
'Promote cross-industry '
'collaboration to address '
'systemic vulnerabilities '
'in supply chains.'],
'root_causes': ['Rapid AI adoption without '
'commensurate governance (e.g., '
'lack of formal AI-use policies).',
'Over-reliance on third-party '
'ecosystems with inadequate '
'security oversight.',
'Insufficient testing of '
'ransomware recovery plans (gap '
'between confidence and actual '
'recovery rates).',
'Expanding attack surface due to '
'hybrid/AI-powered environments.']},
'ransomware': {'data_encryption': True,
'data_exfiltration': True,
'ransom_paid': '70% of affected organizations'},
'recommendations': ['Implement formal AI governance frameworks to align '
'productivity gains with security/privacy risks.',
'Strengthen third-party risk management, including '
'rigorous cybersecurity assessments of suppliers and '
'managed service providers.',
'Enhance ransomware recovery testing frequency and '
'realism to close the gap between perceived and actual '
'resilience.',
'Expand security awareness training to include '
'AI-specific threats (e.g., deepfakes, generative AI '
'misuse).',
'Prioritize investments in cloud security, network '
'protection, and immutable backup solutions.',
'Foster cross-ecosystem collaboration to address '
'cascading risks in supply chains and shared '
'infrastructure.'],
'references': [{'source': 'OpenText Global Ransomware Survey (4th Annual)'},
{'source': 'ETCISO Article on OpenText Survey Findings'}],
'response': {'incident_response_plan_activated': True,
'recovery_measures': ['ransomware recovery plan testing (76% '
'test multiple times/year)',
'security awareness training (80% conduct '
'regularly)'],
'remediation_measures': ['cloud security enhancements (68% '
'priority)',
'network protection (60% priority)',
'backup technologies (58% priority)'],
'third_party_assistance': ['managed service providers (83% of '
'organizations)',
'cybersecurity assessments of '
'software suppliers (91%)']},
'stakeholder_advisories': ['Board-level engagement: 84% of Indian executives '
'treat ransomware as a top-three business risk.',
'Third-party advisories: 91% conduct formal '
'cybersecurity assessments of software suppliers.'],
'title': 'Ransomware and AI-Driven Cyber Threats Targeting Indian Enterprises '
'(2023-2024)',
'type': ['ransomware',
'phishing',
'deepfake impersonation',
'supply chain attack'],
'vulnerability_exploited': ['insufficient AI governance',
'third-party ecosystem dependencies',
'lack of formal AI-use/data privacy policies']}