A new global survey by CrowdStrike has found that 76% of organisations are struggling to match the speed and sophistication of AI-powered ransomware attacks. The findings from the 2025 State of Ransomware Survey highlight how artificial intelligence is reshaping cyber threats, with adversaries increasingly using it to accelerate intrusion, encryption, and extortion.
The report also reveals that 89% of organisations now view AI-driven protection as essential to closing the widening defence gap. CrowdStrike warns that the future of cybersecurity will depend on who gains the upper hand in the AI race — attackers or defenders.
AI accelerates every stage of the attack chain
According to Elia Zaitsev, chief technology officer at CrowdStrike, AI is transforming the cyber threat landscape. “From malware development to social engineering, adversaries are weaponising AI to accelerate every stage of attacks, collapsing the defender’s window of response,” he said. “The 2025 State of Ransomware Survey reinforces that legacy defences can’t match the speed or sophistication of AI-driven attacks. Time is the currency of modern cyber defence – and in today’s AI-driven threat landscape, every second counts.”
The report found that 48% of respondents see AI-automated attack chains as the biggest ransomware threat today, while 85% say traditional detection methods are becoming ineffective against AI-enhanced attacks. Nearly half of organisations fear they cannot detect or respond as quickly as AI-powered attacks can unfold, with only a small minority able to recover from such incidents within 24 hours.
Social engineering and leadership gaps heighten the risks
Phishing remains one of the most common entry points for ransomware, but AI has made it significantly more dangerous. Around 87% of survey participants said AI tools make phishing lures more convincing, while deepfake content is emerging as a major factor in future ransomware operations. This combination of advanced manipulation and automation allows cybercriminals to deceive employees and bypass traditional security checks more effectively.
The study also highlights the ongoing challenges with ransom payments. Among organisations that paid to recover their systems, 83% were attacked again, and 93% reported that their data was stolen despite the payment. This underlines the limited protection offered by paying a ransom and the importance of strengthening resilience instead.
Another critical issue lies in leadership perception. About 76% of respondents identified a gap between how senior leaders perceive their ransomware readiness and the actual state of their defences. CrowdStrike notes that this disconnect signals an urgent need for board-level engagement and investment in modern cybersecurity strategies.
CrowdStrike’s approach to AI-powered defence
To help organisations regain the advantage, CrowdStrike is promoting what it calls an agentic approach to cybersecurity. Its Agentic Security Platform and Agentic Security Workforce use AI to enhance human capability, automating key security workflows and helping defenders respond faster. The system deploys AI agents to manage time-consuming or complex tasks, freeing security teams to focus on decision-making and incident response.
CrowdStrike positions its technology as a way to “flip time in defenders’ favour,” giving organisations the intelligence and automation needed to stop ransomware before it disrupts business operations. By combining speed, context, and AI-driven analysis, the company aims to help customers stay ahead of attackers in an increasingly fast-moving threat environment.
