Senior Client Partner, North America Cybersecurity Leader and Global Professional Services
February 12, 2025
Despite an increase in the number of attacks, ransomware payments declined by $500 million last year. Have firms won the battle, or are attackers just retrenching?
The email came a few hours before the opening of the stock market. A notorious ransomware gang had infiltrated the company’s cybersecurity defenses and was now threatening to leak proprietary data onto the dark web unless a seven-figure payment was deposited into a crypto account before the opening bell. But instead of giving in to the demand, the company alerted the proper law-enforcement agencies, disclosed the breach to the investor community, and told the gang it wasn’t going to pay.
After years of quickly paying hackers off, more corporations are fighting back. According to a new report, ransomware payments declined by 35%, or more than $500 million, last year. In total, companies paid $814 million to hackers in 2024, well below the record-setting $1.25 billion paid out in 2023. Last year’s payout also marked the second-lowest annual amount since 2020. Max Kershner, leader of Korn Ferry’s Cybersecurity practice in North America, attributes the decline to a seismic shift in the ransomware landscape. “While attackers are getting bolder, companies are getting smarter,” he says.
For starters, Kershner says, companies have learned that ransomware gangs can’t be trusted. After watching peers make payments to attackers only to have their information leaked anyway, firms are less willing to negotiate. “‘No decryption among hackers’ is the same as ‘no honor among thieves,’” he says. Instead, companies are investing in their cybersecurity defenses—including deploying AI to detect potential breaches—so they can restore data and recovery operations before attackers can get deeper into their systems.
With many ransomware groups attached to nation-states, governmental and legal agencies have also been more aggressive in taking down groups like LockBit and BlackCat. To be sure, some governments won’t allow companies to make ransom payments to known nation-state attackers. And insurance companies are tightening coverage by capping payments, which has made leaders think twice before giving in to demands. In the past, companies would readily pay the ransom, knowing that insurers would make them whole.
Even if payments have declined, however, ransomware attackers aren’t going away. In fact, the number of attacks is actually increasing. Firms reported a record 5,260 successful ransomware attacks in 2024, an 11% increase from 2023. The decrease in payments despite an increase in attacks reflects the shift from large, sophisticated gangs that target big corporations to smaller groups focused on more vulnerable small- and mid-cap companies, says Craig Stephenson, a senior client partner and global head of Korn Ferry’s Tech, Ops, Data/AI, & InfoSec Officers practice. “We are seeing a rise in lone-wolf actors aided by AI, who are demanding less but having more success,” he says.
Clearly, one year does not make a trend, and “no leader should think that cyber criminals are slowing down,” notes Lieutenant General (ret) Bill Mayville, a Korn Ferry consultant and former vice commander of US Cyber Command. He says ransomware groups are in a period of retrenchment, with AI and machine-learning models facilitating attacks by lower-skilled criminals. Think of it as a vicious cycle: The more firms rely on digital infrastructure to operate and incorporate AI into their systems, the more targets there are to attack. Or, as Mayville puts it, “Companies are in a long war, not a short battle. Any leader who feels less scared about their organization’s vulnerabilities to ransomware attacks would worry me.”