Insurance and risk professionals in Australia and New Zealand are reporting high levels of confidence in their organisations’ ability to withstand ransomware attacks, yet recent industry research indicates a significant gap between these perceptions and actual recovery performance.
According to CrowdStrike’s State of Ransomware Survey, more than half of surveyed organisations in the region believed they were “very prepared” prior to their most recent ransomware incident, ranking them among the most confident globally. However, this sense of readiness did not translate into rapid recovery. Only 9% of organisations in Australia and New Zealand were able to restore operations within 24 hours of an attack, a rate that falls behind other major markets such as the UK, where 35% achieved this benchmark.
The region was also identified as the third most targeted globally, with 78% of respondents experiencing at least one ransomware attack in the past year.
Sector analysis shows preparedness does not guarantee rapid recovery
Sector-specific figures reveal similar patterns. In the public sector, 60% of respondents felt highly prepared, but only 12% managed to recover within a day. In manufacturing, the same proportion expressed confidence, yet only 12% achieved swift remediation.
Healthcare and financial services organisations reported 23% and 38% rapid recovery rates, respectively, despite over half in each sector indicating strong preparedness.
Nature of attacks and the role of artificial intelligence
The survey highlighted that nearly half of ransomware incidents in Australia and New Zealand aimed to access additional systems, while 40% involved direct encryption or locking of data. The increasing sophistication of these attacks is partly attributed to the use of artificial intelligence by threat actors.
Globally, 87% of IT leaders observed that AI-driven social engineering is more convincing and difficult to detect than traditional methods.
In Australia and New Zealand, nearly half of respondents strongly agreed with this assessment. The report also found that 76% of global IT leaders believe that staying fully prepared is becoming more challenging as attackers leverage AI to accelerate their operations.
Elia Zaitsev, chief technology officer at CrowdStrike, commented that cybercriminals are leveraging artificial intelligence to speed up all phases of their attacks, from creating malware to executing social engineering schemes. “The 2025 State of Ransomware Survey reinforces that legacy defences can’t match the speed or sophistication of AI-driven attacks. Time is the currency of modern cyber defence – and in today’s AI-driven threat landscape, every second counts,” Zaitsev said, as reported by Security Brief.
Financial consequences and ongoing risks
The financial impact of ransomware incidents remains substantial. The average global cost of downtime per incident is estimated at US$1.7 million.
In Australia, public sector organisations reported average downtime costs of US$2.5 million, while healthcare and financial services reported US$1.5 million and US$1.3 million, respectively. Paying a ransom does not guarantee data security or prevent repeat incidents. The survey found that 93% of organisations globally that paid a ransom suspected their data was still exfiltrated, and 83% were targeted again.
Leadership perceptions and investment in modern defences
A disconnect also persists between organisational leadership and operational teams regarding cyber readiness.
Three-quarters of respondents reported a gap between leadership confidence and actual response capabilities. The findings suggest a need for greater board-level engagement and investment in advanced security measures, particularly those leveraging AI. Nearly 90% of respondents identified AI-powered solutions as critical to closing the gap between attackers and defenders.
Data protection shapes Australia and New Zealand's cyber strategies
Organisations in Australia and New Zealand are prioritising data protection, privacy, and regulatory compliance in their cybersecurity strategies.
A recent study shows that 45% of leaders in the region identified these areas as their top security concerns for the coming year, a focus that differs from global trends, where AI adoption is the main driver of cybersecurity strategy.
The region also reported the highest rate of cyber incidents worldwide, with 85% of organisations experiencing at least one attack in the past year, compared to a global average of 76%. Local businesses were also more likely to experience significant breaches.
Ransomware payments and negotiation practices
Finally, ransomware payments are more common in Australia and New Zealand than in other regions. Nearly three-quarters of affected firms admitted to paying ransoms to prevent the exposure of stolen data.
Of these, 91% worked with external negotiators, but fewer than half saw any reduction in the demanded amounts.