Extract from Ella Sherman’s article “Companies Starting to Win the Battle Against Ransomware as Payments Fall”
In 2024, ransomware payments decreased, suggesting that the prevalence and impact of ransomware attacks have also gone down, according to a report from BakerHostetler published Tuesday.
The firm’s 2025 Data Security Incident Response Report found that, excluding the largest payment from the average which heavily skews the data, the average ransomware payment dropped by 33% from 2023 to 2024.
“I think it’s showing companies are starting to win the battle,” BakerHostetler partner Craig Hoffman told Legaltech News.
Although ransomware attacks remain a risk, their impact has lessened as organizations have strengthened their data organization and backup strategies. Law enforcement has also been able to detect ransomware operations early on.
The report also noted that the average cost of forensic investigations for cyber incidents has also gone down 30% in 2024 as a result of new and improved triage collection tools, endpoint detection and response coverage, among other innovations.
