Ransomware remains one of the most persistent and costly cyber threats facing organizations worldwide. However, new findings from Sophos’ sixth annual State of Ransomware 2025 report suggest a notable shift in how Indian companies are responding. The vendor-neutral study, which surveyed 3,400 IT and cybersecurity leaders across 17 countries, including 378 from India, revealed a sharp 79% drop in the median ransomware payment in India, falling from US$2 million to US$481,636. To understand the reasons behind this decline and explore emerging cybersecurity trends, Sunil Sharma, Vice President – Sales, India & SAARC, Sophos, in an exclusive conversation with Tech Achieve Media discussed what’s changing on the ground, how organizations are preparing, and the critical role of awareness, prevention, and rapid response.
TAM: Hackers often encrypt organisational data after they hack into a company’s network. Why aren’t companies proactively protecting their own data with quantum encryption?
Sunil Sharma: There are many organizations that are using advanced security solutions, but there are still quite a few that aren’t, thus making them vulnerable. However, encryption alone isn’t enough. Let me explain. Suppose you’re working on your laptop and step away for a few minutes without locking the screen. Someone else could come in during that window and misuse the system. So while we often focus on external threats, internal lapses like these are just as serious and surprisingly common.
In fact, some of the largest breaches have occurred due to internal negligence. People leave their systems unlocked or leave sensitive information unattended. Even with encryption in place, such carelessness creates vulnerabilities. File and folder-level encryption is necessary, but so is user awareness.
So yes, while many companies are using encryption, there are still a large number who don’t, or who lack user training. User awareness continues to be a major challenge across industries. Whether the insider threat rate is 10% or 20%, it depends on the sector, be it KPO, BPO, IT/ITeS, BFSI, or healthcare. But the problem is widespread.
Another important point is, suppose you’re a CFO accessing sensitive financial data on a server. Cybercriminals today don’t always attack instantly. Sometimes, the malware just sits quietly, watching and recording. It tracks when you log in, what files you open, and waits for the right moment to strike. If your credentials are compromised, the attacker is already inside, and what happens next is just a matter of timing. So, relying on a single security solution is no longer enough. Organizations, big or small, need a multi-layered approach. Even small and mid-sized enterprises must now take cybersecurity seriously.
TAM: In your report, you mentioned a significant drop, which is around 12% in the number of people who paid ransomware, and a 79% drop in the total amount paid. What are the key reasons behind this decline?
Sunil Sharma: The drop can be attributed to two or three key reasons. First, organizations have become more aware of the increasing threat of cyberattacks. Many now recognize the likelihood of being targeted, and as a result, have invested in better backup and restoration capabilities. This has been crucial. When users know they have reliable backups and a robust restoration process in place, they’re more confident that even if a server is compromised, they can rebuild it. It may take time, but it eliminates the need to pay a ransom to cybercriminals. This has played a major role.
Second, organizations have started implementing basic incident response plans. Many have realized the importance of being prepared, similar to disaster management strategies in regions prone to natural disasters. They’ve begun proactively. This mindset shift has led to actionable steps being taken in advance.
TAM: You have recommended prevention as one of the main steps to avoid getting breached. However, is prevention really an option for organisations when it comes to cybersecurity?
Sunil Sharma: Around 90% of cyberattacks can be prevented using modern prevention technologies. In fact, based on our internal assessments, 98 to 99% of attacks can be avoided simply by securing your infrastructure with the latest protective measures. It’s only that 1% of sophisticated threats where detection and response technologies become critical. For example, imagine it’s 3 a.m., and someone is trying to access your organization’s systems using compromised credentials from one of your colleagues. Suddenly, gigabytes of data start transferring out.
For organizations that have opted for our SOC-as-a-Service (like Managed Detection and Response), we immediately detect such anomalies. Our system flags the activity, stops the data exfiltration, and alerts the relevant stakeholders. If the organization has authorized us in advance, we can even take immediate corrective action on their behalf. So, while breaches can still happen, the real question is, when they do, who acts, and how quickly? That response can make all the difference in saving the organization from serious damage.
TAM: What has the impact of the DPDPA Law been on the cybersecurity industry in India?
Sunil Sharma: We are yet to see the full impact, as the regulation is set to come into effect. To be honest, I don’t have any concrete observations at this point. However, one thing I can say is that any act or law tends to reinforce compliance. When compliance is reinforced, organizations are at least compelled to become more alert. Even if it’s just to meet regulatory requirements, they are pushed to take action. This administrative or regulatory pressure drives organizations to allocate budgets they may have otherwise postponed or avoided, simply to stay compliant.
TAM: What must the top priorities for CISOs be?
Sunil Sharma: A CISO must have a well-defined incident response plan, and this is non-negotiable. They also need to ensure they are using the best available prevention tools to protect their organization. Given that CISOs often lack the manpower to handle the flood of alerts generated by cybersecurity tools, outsourcing becomes essential. They aren’t magicians or superhumans with a thousand hands, and they need support. So, my advice is to focus on at least three key areas: incident response, robust prevention tools, and outsourcing where needed.
And finally, last but definitely not least, user awareness. Every organization should have a user awareness team that runs regular training sessions. For example, we offer a tool called Phish Threat that allows companies to schedule phishing simulations every 15 or 30 days. It tracks who clicks on suspicious links, and then automatically initiates training modules for those users. Programs like this are critical in building a cyber-aware culture.