CrowdStrike State of Ransomware Survey: 76% of Organisations Struggle to Match Speed of AI-Powered Attacks
Ransomware Readiness Lags as Adversaries Use AI Across the Attack Chain to Accelerate Intrusion, Encryption, and Extortion

According to the 2025 State of Ransomware Survey from CrowdStrike, 76% of global organisations struggle to match the speed and sophistication of Artificial Intelligence (AI)-powered attacks. With 89% viewing AI-powered protection as essential to closing the gap, the findings make clear that the future of stopping breaches will be decided by who holds the AI advantage—adversaries or defenders.
“From malware development to social engineering, adversaries are weaponising AI to accelerate every stage of attacks, collapsing the defender’s window of response,” said Elia Zaitsev, Chief Technology Officer at CrowdStrike. “The 2025 State of Ransomware Survey reinforces that legacy defences cannot match the speed or sophistication of AI-driven attacks. Time is the currency of modern cyber defence—and in today’s AI-driven threat landscape, every second counts.”
Key Findings from the 2025 State of Ransomware Survey
-
Legacy Defences Fall Behind: 48% of organisations cite AI-automated attack chains as today’s greatest ransomware threat, while 85% report traditional detection is becoming obsolete against AI-enhanced attacks.
-
Speed Defines the Security Outcome: Nearly 50% of organisations fear that they cannot detect or respond as fast as AI-driven attacks can execute, with fewer than a quarter recovering within 24 hours, and nearly 25% suffering significant disruption or data loss.
-
Social Engineering Evolves with AI: Phishing remains a leading attack vector, with 87% saying AI makes lures more convincing, and deepfakes emerging as a major driver of future ransomware attacks.
-
Paying Ransom Fuels Repeat Attacks: 83% of organisations that paid a ransom were attacked again, and 93% had data stolen anyway.
-
The Leadership Disconnect: 76% report a disconnect between leadership’s perceived ransomware readiness and actual preparedness, underscoring the urgent need for board-level buy-in to modernise defences.
CrowdStrike’s Agentic Approach to Outpacing AI-powered Threats
CrowdStrike puts defenders in front in the race for AI superiority—delivering the speed, intelligence, and automation to stop AI-driven threats and ransomware operations before they can disrupt, encrypt, or extort. Powered by the Agentic Security Platform, CrowdStrike’s Agentic Security Workforce places security analysts in command of mission-ready AI agents that handle critical security workflows and automate time-consuming tasks—flipping time in their favor. The result is AI-powered protection that keeps defenders ahead of AI-driven threats.
The full 2025 CrowdStrike State of Ransomware Survey is available for download here.



