Ransomware Evolution: AI, Identity Gaps & Leadership Blind Spots Are Shaping The Threat

Ransomware remains one of the most disruptive and costly threats facing businesses today. New research reveals that 69% of organisations experienced a ransomware breach in the past 12 months, with more than a quarter suffering more than one attack. It is no longer just a question of having backups in place. 

The scale, frequency and complexity of these attacks mean that traditional defences are struggling to keep pace. 

Attackers are becoming more sophisticated and better equipped, using AI to increase speed, scale and success.

At the same time, many organisations are still falling short on fundamental security practices. With the impact of ransomware now reaching into boardrooms and business continuity plans, a more proactive and identity-focused approach is needed.

Ransomware Tactics Shift As Fewer Pay The Ransom

One trend that has emerged over the past year is a decline in ransom payments. Just 57% of victims chose to pay, compared to 76% the year before. That is a positive step, showing that more organisations are listening to law enforcement and putting recovery plans in place. However, it is not stopping attacks from happening.

Rather than relying on encryption alone, attackers are turning to extortion. 85% of victims were threatened with data exposure, and 60% reported that data was actually stolen. Even when organisations pay, recovery is not guaranteed. While backup strategies remain important, they are no longer enough on their own. Organisations need to look further upstream and focus on how attackers are getting in.

Security Concerns Grow But Controls Lag Behind

Boards and leadership teams are taking ransomware more seriously. But while awareness is growing, this is not always translating into stronger defences.

Despite a number of effective methods being available, many organisations still haven’t implemented least privilege access, a simple way to limit how far attackers can move if they do gain access. Application control is also underused, even though it can help reduce exposure to malware and unauthorised software.

As the threat becomes more targeted, and business operations more dependent on digital infrastructure, this lack of alignment between executive concern and practical measures is becoming a key risk in itself.

AI Accelerates Attacks & Stretches Defenders

AI is transforming how ransomware is delivered and executed. It is now being used to create more convincing phishing emails, build deepfakes that mimic real people, and even automate reconnaissance and exploitation. These capabilities allow attackers to launch highly personalised campaigns at speed and at scale.

In response, organisations are now using AI within their security operations to speed up detection, sift through large volumes of threat data and support phishing prevention. It is also being used to support identity and access management, monitoring behaviour and helping to flag suspicious activity in real time.

The challenge is that attackers are moving just as quickly. While AI gives defenders better tools, it also shortens the time they have to detect and respond. That is why prevention, rather than recovery, has to be the focus.

Identity Is The Entry Point & The Weak Link

The majority of ransomware attacks start with compromised credentials. These are often bought on the dark web or obtained through phishing and social engineering. Initial access brokers are making it easier for less skilled threat actors to purchase their way into corporate networks.

This makes identity security one of the most important layers of protection. Practices like least privilege access, privileged access management and multi-factor authentication help to restrict what attackers can see and do once inside.

These controls are even more effective when combined with AI-powered tools that can monitor sessions, spot anomalies and enforce policies based on real-time risk.

Securing identities is no longer just an IT concern. It is a business enabler that protects critical data, reduces risk and supports faster recovery when things go wrong.

From Awareness To Action

The scale of the ransomware threat means that concern is no longer enough. Organisations need to move towards a more preventative approach that puts identity at the centre. That includes embedding security principles into how users are onboarded, how access is granted, and how suspicious activity is flagged and handled.

AI has a key role to play here, but it needs to be backed by the right strategy and clear governance. Business leaders must make sure security teams are equipped to act quickly and effectively, while also taking steps to close the gap between concern and control.

As ransomware continues to evolve, identity security offers a practical, scalable and proactive way to stay ahead. The question is no longer whether your organisation will be targeted, but whether it will be ready when it is.

Spencer Young is SVP, EMEA at Delinea
