Ransomware payments are down, AI-driven threats are rising, and cyber attacks remain the leading cause of IT disruption, according to Databarracks’ 2025 Data Health Check.

Now in its 18th year, the annual report draws on responses from 500 IT professionals across UK organisations. While findings show improvements in preparedness, they also reveal a shifting threat landscape, and a growing recognition of the need for integrated resilience strategies.

Cyber threats remain the most common cause of downtime and data loss for the third consecutive year, with 71% of organisations reporting an attack in the past 12 months. Artificial intelligence emerged as the biggest perceived risk on the horizon, with deepfakes and other AI-driven attacks topping the resilience agenda.

Testing has become central to best practice, according to the report, with 90% of organisations having tested at least one element of their recovery capabilities in the past year – a significant increase on last year’s findings. However, confidence in recovery has slightly dipped, suggesting those tests are exposing resilience gaps rather than simply validating existing plans.

The report also highlights a widening gap between large and small organisations, with SMEs less likely to have adequate cyber planning and continuity strategies in place. Addressing that divide is flagged as a key challenge for the year ahead.

James Watts, managing director at Databarracks, said this year’s findings show that resilience isn’t standing still – but nor are the threats.

“The rise in AI-driven attacks and the sheer volume of cyber incidents are forcing organisations to become more agile and better prepared. It’s encouraging to see testing now recognised as the gold standard. Nine in ten organisations tested their recovery in the last year. But we can’t afford to stop there. Recovery confidence is falling slightly, suggesting that testing is revealing gaps, not just ticking boxes. That’s the whole point – realistic testing leads to real improvement.”

Chris Butler, resilience director at Databarracks, added: “There’s a clear shift happening in how organisations view resilience. The focus is no longer just IT – it’s about integrating cyber, risk, continuity and crisis management into one coordinated approach.”

AI-driven threats are the clearest example of this, he explained, being more than just a technical risk – affecting reputation, communications and trust, and making integrated resilience a top priority for large and medium-sized organisations.

“The good news is that organisations are responding,” he added. “In the last 12 months, three-quarters have conducted security reviews in response to threats. And ransomware responses show real progress – most victims now recover without paying, thanks to air-gapped and immutable back-ups.”

Despite the risks, optimism is rising. Seventy-two percent of organisations believe AI will strengthen security in the long term, underlining the dual role of new technology as both threat and opportunity.

---