KnowBe4, a leading provider of cybersecurity and human risk management solutions, is shining a spotlight on the role social engineering plays in the global surge of ransomware attacks, and encouraging organizations to reflect on how human risk contributes to ransomware exposure.
This call to action comes as KnowBe4’s research highlights a concerning 57.7 percent increase in ransomware payloads delivered through phishing attacks between November 1, 2024, and February 15, 2025, compared to the preceding three months. Commonly considered the most common initial access vector for ransomware into an organization, this alarming trend underscores phishing’s pivotal role in the rise of ransomware incidents.
Industry data continues to underscore the severity of ransomware on organizations, with global damages projected to reach $275 billion annually by 2031. In addition, the 2025 Verizon Data Breach Investigations Report highlights that ransomware was involved in 44 percent of all analyzed breaches, which was up from 31 percent the previous year.
As the volume and fallout of successful ransomware attacks increase in 2025, KnowBe4 shares five top tips for organizations to strengthen their human defenses:
- Tailor Cybersecurity Training by Role. Offer timely, role-specific personalized training that directly addresses the unique threats and responsibilities of different departments, helping to dramatically reduce employee behaviors often exploited by ransomware attackers.
- Run Realistic Phishing Simulations. Regularly conduct real-world phishing simulations that mimic current threat tactics to build employees’ critical thinking skills and instinctive resistance against ransomware delivery methods.
- Promote a No-Blame Reporting Culture. Foster an environment where employees feel safe and empowered to immediately report any suspicious emails or activities, even if they have made a mistake, enabling faster ransomware containment and incident response.
- Keep Ransomware Awareness Front and Center. Implement continuous awareness campaigns through ongoing reminders, visuals, and regular communication to reinforce vigilance and ensure ransomware threats remain top-of-mind for the entire workforce.
- Utilize Advanced Anti-Phishing Technology. Support employees with advanced anti-phishing technology that employs AI and machine learning to detect and neutralize sophisticated phishing attacks, including zero-day threats carrying ransomware payloads, before they ever reach an employee’s inbox.
For more information, visit www.knowbe4.com.