Damage Control

The Ransomware Gap: Activity Outpaces Security Spending 3-to-1

CybersecurityRansomwareTechnology EconomicsVulnerability Research
Added
Link90
Article: NegativeCommunity: NegativeDivisive
The Ransomware Gap: Activity Outpaces Security Spending 3-to-1

In 2025, ransomware activity grew three times faster than the global security spending meant to combat it, with claims rising 30.7% compared to a 10.1% budget increase. Although the threat landscape is fragmented among 136 different groups, a small number of prolific actors like Qilin and Akira continue to dominate the volume. This persistent growth gap indicates that while security spending is rising, it is failing to keep pace with the scale of the ransomware threat.

Key Points

  • Ransomware leak-site claims grew by 30.7% in 2025, while global security spending only increased by 10.1%.
  • The absolute volume of ransomware activity has set a new record every year since 2020, even as the percentage growth rate begins to decelerate.
  • The threat landscape is highly active and fragmented, featuring 136 distinct ransomware groups, though the top 10 actors drive over half of the total claim volume.
  • Other indicators, such as US healthcare breach filings (HHS OCR) and exploited vulnerability tracking (CISA KEV), confirm a broader trend of an intensifying threat environment.

Sentiment

The community is predominantly skeptical of the article's core premise. While commenters agree ransomware is a serious and growing threat, they largely reject the idea that spending must scale proportionally with attack volume. The prevailing view is that the article reflects a vendor-driven, spend-more mindset rather than addressing root causes like poor security hygiene, OS design flaws, and organizational culture.

In Agreement

  • C-suite executives increasingly view cybersecurity as bad ROI, leading to security professional layoffs even as threats grow
  • AI tools are making it easier for attackers to find exploits and write ransomware, potentially widening the gap further
  • Small organizations and local governments lack the scale and budget to maintain adequate security, making them especially vulnerable
  • The DeFi security context shows a similar pattern: as value at risk rises, attack incentives grow faster than defenses can scale

Opposed

  • Security spending should not need to grow linearly with attack volume — effective countermeasures should produce sub-linear growth, and the article's framing reflects vendor-driven marketing
  • Basic security hygiene (application allowlisting, network segmentation, credential management, phishing-resistant MFA) can largely neutralize ransomware as a threat without massive spending increases
  • The best defense against ransomware is offline backups and restore procedures, which don't appear in cybersecurity spending analyses
  • The cybersecurity industry is focused on compliance and liability rather than actual security outcomes
  • Criminalizing ransom payments would remove the economic incentive and force companies to invest in prevention instead
The Ransomware Gap: Activity Outpaces Security Spending 3-to-1 | TD Stuff