Phishing emerges as most common cause of ransomware in Singapore

Lack of personnel and capacity also cited as top operational factors behind attacks

Phishing emails have emerged as the top reason behind ransomware attacks in Singapore, resulting in massive ransom payments and costs to organisations, according to a new report.

The Sophos State of Ransomware 2025 report surveyed 90 IT and cybersecurity leaders in Singapore working for firms hit by ransomware last year.

It found that phishing emails were the "most common technical root cause of attacks," as cited by 36% of the respondents.

Other common causes of ransomware attacks include malicious emails (29%) and compromised credentials (17%), according to the report.

Respondents also cited operational root causes, with more than four in 10 pointing to a lack of protection (47%) and a lack of personnel or capacity (43%).

More than a third (39%) of the respondents also cited the inability of their cybersecurity products and services to prevent the attack as a contributor to their organisation becoming a victim of ransomware, according to the report.

Impact of ransomware attacks

More than half of ransomware attacks (53%) in Singapore resulted in data being encrypted, the report revealed.

All of them said they were able to retrieve the encrypted data. However, half of them said they had to pay a ransom to get it back.

The ransom demands last year were between SG$10,000 and SG$499,999. Singaporean firms paid a median ransom payment of SG$365,565.

"Singaporean organisations typically paid 94% of the ransom demand, above the global average of 85%," the report read.

On top of ransom payments, the average bill incurred by Singaporean firms from ransomware attacks reached $1.54 million.

"This includes cost of downtime, people time, device lost, network cost, lost opportunity, etc.," the report read.

Human impact of attacks

Meanwhile, the report noted that the impact of ransomware attacks extended beyond financial losses, affecting individuals on a more personal and human level.

More than half of the respondents (52%) reported increased pressure from senior leaders, according to the report. Others experienced:

  • A change of team priorities and focus (46%)
  • Ongoing increase in workload (46%)
  • Increased anxiety or stress about future attacks (42%)
  • Feelings of guilt that the attack was not stopped (25%)

The report underscored prevention as one of its top recommendations in dealing with ransomware attacks.

"Look to reduce both the technical root causes of attack and the operational ones highlighted in this report," it said.

It also stressed the importance of strong foundational security, around-the-clock threat detection, and having an incident response plan.

"As adversaries continue to iterate and evolve their attacks, it's essential that defenders and their cyber defences keep pace," the report said.
