Modern ransomware attacks are increasingly shifting from system encryption to data theft, forcing organizations to prioritize data visibility and governance over traditional disaster recovery and backup strategies.

Key Points

• Data-only extortion incidents surged 11 times year-over-year, now accounting for 22% of all cases according to Fortra.
• Verizon’s 2025 Data Breach Investigations Report found that ransomware appeared in 44% of all reviewed security breaches.
• Coveware’s Q2 2025 analysis indicates that data exfiltration is now a primary component in 74% of ransomware incidents.
• NIST’s Cybersecurity Framework 2.0 emphasizes maintaining detailed data inventories and lifecycle management to reduce the overall attack surface.
• Experts warn that relying solely on backups is insufficient because they restore system availability but fail to protect against the theft of sensitive information.

Why it Matters

The evolution of ransomware into a data-centric threat means that operational recovery plans are no longer enough to ensure business resilience. Companies must now prioritize data classification and visibility to mitigate the significant legal, regulatory, and reputational risks associated with large-scale data exposure.