Hackers now run ransomware like a professional industry, and Australian businesses are feeling the cost in cash and lost data. New research shows 30% of Australian organisations were hit by ransomware in the past year.
A third of those targeted chose to pay the ransom demand, hoping to get their data back and move on. Many instead discovered that payment is no guarantee of recovery.
The figures come from the sixth State of Data Resilience report, based on a survey of 411 IT decision-makers across Australia and New Zealand. The study, commissioned by Nasdaq-listed cybersecurity company Commvault, drills into how organisations respond when their systems are locked.
Among those that paid, 46% say attackers either did not release their data or came back asking for more. Paying once rarely closes the door on further extortion attempts.
Security agencies and cybersecurity specialists strongly discourage paying ransoms, and the report’s numbers show why that guidance exists. Paying signals to attackers that an organisation is a “willing payer”, which increases the risk of repeat targeting.
It also keeps the ransomware economy profitable, encouraging more sophisticated attacks and further professionalisation of criminal groups. For Australian businesses, the real cost looks less like a one-off payment and more like an ongoing exposure that money alone cannot fix.
