S-RM, leading global cybersecurity and intelligence consultancy, has released its 2025 Cyber Incidents Insights Report, which reveals that in 2024, the cybersecurity landscape became increasingly fractured as ransomware attacks increased. The UK’s National Crime Agency (NCA), among other law enforcement groups globally, stepped up action to combat threat actors, while the barrier to entry for criminals lowered.  

The report outlines the dominant trends observed in 2024 and provides an outlook for 2025. Data points around key 2024 developments were:   

Fractures and fissures 

Over the course of 2024, S-RM’s Incident Response team encountered more cyber threat actors than ever before – 53 separate threat actors, a 96% increase from 27 in 2023. This trend reflects an increasingly fractured threat landscape, with established groups hampered by the efforts of law enforcement and the barriers of entry for new entrants lower than ever. 

Ransomware still dominant 

Over a third of the incidents S-RM’s team responded to involved ransomware, making it the leading incident category for the third year running. The rate of growth, however, may have slowed slightly. The number of organisations posted on ransomware and data-theft leak sites grew by 13% in 2024, down from 70% growth the prior year. 

Ransom payments on the decline 

While the threat actors multiply and become increasingly brazen, S-RM has observed that victims are becoming more resilient to ransom demands. Since 2022, the proportion of incidents the team has responded to that resulted in a ransom payment has nearly halved. 

Exploited vulnerabilities continue to open doors 

Exploited vulnerabilities in public-facing systems accounted for method of entry in 39% of extortion cases S-RM supported in 2024. S-RM also observed a 53% increase the number of small businesses named on ransomware leak sites. Increased competition among ransomware groups has broadened the scope of organisations targeted by threat actors. 
 

Jamie Smith, Global Managing Director of Cyber Security at S-RM, said: “While the proportion of threat actors nearly doubled in 2024, we’ve seen that five groups make up 39% of all incidents reported – down from 53% the previous year. This fragmentation is being driven by the break up of big ransomware groups and the ever lower barriers to entry for new threat actors.  
 

“The behaviour of these groups has been difficult to predict and their credibility even tougher to assess, but their motivations remain consistent; financial gain. However, action from groups like the NCA in the UK, and other law enforcement groups globally, has had a positive impact. In 2024, varied approaches helped take down major Ransomware as a Service (RaaS) actors, playing a crucial role in disrupting criminal syndicates by undermining their security and anonymity.”