A staggering 80% of ransomware-hit Indian firms paid to recover data: Rubrik Zero Labs
New Delhi: A staggering 80 per cent of Indian organisations that suffered ransomware attacks in the past year ended up paying a ransom, either to recover critical data or to halt ongoing cyberattacks, according to a new report by Rubrik Zero Labs.
The Rubrik research highlights a global surge in cyber incidents, with 90 per cent of IT and security executives reporting at least one cyberattack in the past year. With identity-based attacks rising sharply, nearly 80 per cent of data breaches now involve compromised credentials.
Around 125 IT leaders participated in the survey and 52 per cent paid due to data extortion threats, and 44 per cent reported that attackers had successfully compromised their backup and recovery systems.
Meanwhile, Rubrik’s telemetry data shows that 36 per cent of sensitive files contained high-risk information, such as PII, intellectual property, or digital credentials. The consequences of these breaches are severe. Among Indian respondents, 29 per cent reported financial losses, 31 per cent experienced reputational damage, and 36 per cent saw leadership changes following an attack.
The report, “The State of Data Security in 2025: A Distributed Crisis,” paints a concerning picture of India’s cybersecurity readiness, especially as organizations shift to complex hybrid environments involving cloud, SaaS, and on-premise systems.
“This report serves as a wake-up call for Indian IT leaders,” said Ashish Gupta, Managing Director, India & Head of Engineering, Rubrik. “The widespread use of hybrid infrastructure has drastically expanded the attack surface. Organizations need to urgently build resilience and adopt data-centric security strategies.”
The growing complexity of data environments is making security more challenging. Around 65 per cent of Indian companies now store sensitive data across two to three different platforms, with 38 per cent citing this distributed architecture as a top security challenge. Globally, 35 per cent of respondents pointed to the difficulty of securing data across varied ecosystems as their primary concern. Joe Hladik, Head of Rubrik Zero Labs, emphasized the need to shift from a reactive to a proactive stance: “Organizations must adopt an attacker’s mindset—identify what’s most valuable and protect it before it’s compromised.”
The report also outlines a worrying evolution in cyber threats. As AI adoption and cloud reliance grow, so too do the risks. Rubrik urges Indian organizations to invest in unified visibility, rapid recovery, and identity-centric protection to combat this escalating threat landscape.