To pay, or not to pay: 58% of CISOs say they would pay the ransom for their data


A survey of 750 CISOs in the US and UK found that 58% would be willing to pay a ransom if hit by a ransomware attack, despite law enforcement in both countries advising against it. In practice, IDC data shows 37% of attacked companies actually paid — likely an undercount due to stigma. Outcomes for those who pay are mixed: about 5% received incomplete decryption, and only 60% of SMEs that paid successfully recovered their data. Companies that didn't pay fared no better in some cases — 33% couldn't recover anything. The M&S ransomware incident in April 2025, which cost an estimated $400 million in lost operating profit after the retailer refused to pay, illustrates the high stakes. The key takeaway is that robust, tested backups may be the deciding factor in whether paying is necessary.

From csoonline.com