Rubrik Finds the Vast Majority of Australian Organisations are Still Paying Ransomware Demands

SYDNEY, Australia - June 10, 2025: Despite repeated warnings from law enforcement and intelligence agencies, Australian organisations continue to pay ransomware attackers. New research from Rubrik Zero Labs found 91 per cent of local security leaders paid a ransom in the past year. The report, "The State of Data Security in 2025: A Distributed Crisis," reveals many local organisations are still unprepared to address the hazards hybrid IT environments pose.

A ransomware actor's new target - backup systems

One of the most notable findings in this year's report was that 92 per cent of local organisations experienced a cyberattack last year. In a typical ransomware attack, the victim would be able to restart their operations by recovering data from their backup systems. However, Rubrik's research found these systems were routinely being compromised during an attack to disrupt recovery attempts. Of the Australian IT and security leaders that experienced a ransomware attack, 78 per cent said the threat actors were able to at least partially harm backup and recovery options - more than a third (35 per cent) said the attackers were completely successful in doing so.

"Paying an attacker, supports the cybercrime business model, encourages further attacks and continues the cycle," David Rajkovic, Vice President, Rubrik A/NZ said. "Unfortunately, we're seeing Australian organisations lulled into a false sense of security from the attack prevention focused security measures they've implemented and being completely unprepared once those defences have been thwarted." 

A proliferation of platforms = attack surfaces widening

While sophisticated attack strategies were part of the problem, an expanding attack surface due to the proliferation of SaaS platforms was making the challenge more acute for local security leaders.

Almost all (98 per cent) of Australian respondents said they were using between two and five cloud and SaaS platforms for data storage, applications, and services. More than two-thirds (66 per cent) said they were planning to increase their use of cloud and SaaS-based services over the next year.

As the use of these platforms increased, local security leaders reported that protecting their data was becoming more difficult. In particular, Australian organisations highlighted securing sensitive data across multiple environments (38 per cent), data compliance and privacy concerns (34 per cent), and lack of centralised management (34 per cent) as the key challenges they were encountering.  

"Attackers are no longer breaking in, they're logging in. They are increasingly stealing credentials to compromise their victims' cloud and SaaS platforms," Rajkovic said. "This demands a shift in defence strategies and the adoption of an 'assumed breach mindset.' Prevention strategies are critical, but they need to be complemented with a robust recovery strategy for when those measures fail - one that ensures cyber resilience and gets the business back up and running as quickly as possible."

To read the full report, visit https://zerolabs.rubrik.com/.

Methodology

"The State of Data Security in 2025: A Distributed Crisis" is based on insights from over 1,600 IT and security leaders across 10 countries (half of whom were CIOs or CISOs), conducted in partnership with Wakefield. The findings are amplified by Rubrik telemetry data, including an analysis of 5.8 billion total files across cloud and SaaS environments, with over 175 million sensitive files classified across customer environments. Data covers the period from January 1, 2024, through December 31, 2024.

About Rubrik

Rubrik (NYSE: RBRK) is on a mission to secure the world's data. With Zero Trust Data Security™, we help organizations achieve business resilience against cyberattacks, malicious insiders, and operational disruptions. Rubrik Security Cloud, powered by machine learning, secures data across enterprise, cloud, and SaaS applications. We help organizations uphold data integrity, deliver data availability that withstands adverse conditions, continuously monitor data risks and threats, and restore businesses with their data when infrastructure is attacked.

For more information, please visit www.rubrik.com and follow @rubrikInc on X (formerly Twitter) and Rubrik on LinkedIn.