OpenText™ (NASDAQ/TSX: OTEX), a global leader in secure information management for AI, today released the United Kingdom findings of its fourth annual Global Ransomware Survey. The survey of 420 UK security practitioners and business leaders highlights a rising tension between confidence and risk: confidence in ransomware readiness is high yet concern over AI-driven attacks and third-party vulnerabilities is growing just as fast.
Organisations believe they’re ready to bounce back from ransomware — but AI is rapidly changing the threat landscape. New attack methods, weak governance, and supply-chain vulnerabilities are exposing critical gaps between preparation and performance, creating a higher-stakes environment for defenders and leaders alike. This is especially true for SMBs that have fewer formal AI policies.
“Organisations are right to be confident in their progress in security posture, but they can’t afford to be complacent,” said Muhi Majzoub, Executive Vice President, Security Products, OpenText. “AI fuels productivity while also heightening risk through insufficient governance and its expanding use in attacks. Managing information securely and intelligently is essential to building resilience in organisations of any size.”
Key survey findings include:
False sense of confidence grows, as AI raises the stakes
UK organisations feel more prepared than ever to recover from ransomware attacks, but AI introduces a growing layer of complexity that’s causing unease. While internal GenAI use is rising, so are external AI-powered threats. Organisations are navigating a high-stakes balancing act to enable innovation while managing risk.
- 96% of UK respondents are confident in their ability to recover from a ransomware attack, but only 9% of those attacked fully recovered their data.
- 90% allow employees to use GenAI tools, yet just 52% have a formal AI-use policy.
- 50% report increased phishing or ransomware due to AI; 48% have seen deepfake-style impersonation attempts.
- Top AI-related concerns include data privacy and leakage (30%), AI-enabled ransomware or phishing (26%), and deepfakes or impersonation (19%).
Unmanaged supply-chain pathways create hidden risks
While much of the ransomware conversation centres on AI, supply-chain and third-party risks remain a quiet but dangerous threat. Attacks are increasingly entering through vendors, partners, or unmanaged digital pathways.
- 41% of UK companies experienced a ransomware attack in the past year; 62% of those were hit more than once.
- 49% of victims paid a ransom; 34% paid between $50,000 and $250,000, and 7% paid between $1M and $5M.
- Only 9% fully recovered their data, while 16% recovered less than 25%.
- 45% experienced ransomware originating from a software vendor or managed service provider.
- 86% of UK organisations have a formal process to assess software-supplier cybersecurity; 89% have a vulnerability-management and patching process in place.
Sophistication of ransomware attacks raises awareness
The rise of AI and the spread of ransomware across critical business systems have pushed cybersecurity into the spotlight. What was once seen as an IT issue is now recognised as a core strategic concern for boards and executive teams.
- 81% of UK respondents say their executive team sees ransomware as a top three business risk.
- 71% have been asked by customers or partners about ransomware readiness in the past year.
- 82% of UK organisations require frequent security-awareness or phishing training, while just 2.1% offer none.
- 64% plan to increase investment in cloud security, 55% in backup technologies, and 60% in user training in 2026.
- 70% outsource some or all of their security to managed service providers.
