More Australian firms panicking and paying ransoms amid cyber threats

Australian businesses are increasingly falling victim to cybercrime, with a significant majority admitting to paying ransoms to retrieve or protect stolen information. A global study by cybersecurity firm Veeam revealed that over half of Australian companies have paid money to online criminals, a trend that persists despite mandatory ransomware payment reporting laws introduced a year ago.

“

Australia is getting hit harder and being more impacted than a lot of other places.

The Veeam Data Resilience Survey, which polled over 4200 business leaders across Australia, the UK, US, Germany, France, and New Zealand, found that Australian organizations are more likely to pay ransoms than their global counterparts. While 52% of Australian companies admitted to meeting criminals' demands, the global average stands at 40%.

Furthermore, the study indicated a high level of concern among Australian businesses, with 62% expecting to be attacked or experience a data breach in 2026. Nearly as many (61%) stated they would consider paying a ransom in the future. This proactive, albeit costly, approach is partly driven by the prevalence of cyber insurance in Australia.

“

We are very advanced from a technology standpoint so… a larger target for threat actors to come after us and… we’re quite well insured.

John Wood, Veeam's head of systems engineering, noted that Australia's advanced technological infrastructure makes it an attractive target for threat actors. He also highlighted a gap between companies that have robust, real-life tested contingency plans and those that have only conducted superficial exercises. Wood advises organizations to develop comprehensive plans, including identifying emergency contacts and considering the deployment of negotiators to mitigate ransom demands.

“

There’s a big gap between those who have tested under real-life conditions versus those who have gone through an exercise and ticked a box.