The cybersecurity landscape became increasingly fractured in 2024 as ransomware attacks increased, according to a cybersecurity and corporate intelligence consultancy. In its Cyber Incidents Insights Report, London-base S-RM says that the UK’s National Crime Agency (NCA), among other law enforcers globally, stepped up action to combat threat actors.
The report outlines the dominant trends observed in 2024 and provides an outlook for 2025. Developments included: over 2024, the firm’s Incident Response team encountered more cyber threat actors than ever – 53 separate threat actors, a 96 per cent increase from 27 in 2023. This trend according to the consultancy reflects an increasingly fractured threat landscape, with established groups hampered by the efforts of law enforcement and the barriers of entry for new entrants lower than ever.
Over a third of the incidents the firm responded to involved ransomware, making it the leading incident category for the third year running. The rate of growth, however, may have slowed slightly, according to the report. The number of organisations posted on ransomware and data-theft leak sites grew by 13 per cent in 2024, down from 70pc growth the prior year.
Ransom payments
While the threat actors multiply and become increasingly brazen, the firm has observed that victims are becoming more resilient to ransom demands. Since 2022, the proportion of incidents the team has responded to that resulted in a ransom payment has nearly halved. As for the cyber method of entry, exploited vulnerabilities in public-facing systems accounted for 39 per cent% of extortion cases S-RM supported in 2024. The firm also observed a 53pc increase the number of small businesses named on ransomware leak sites. Competition among ransomware groups has broadened the scope of organisations targeted by threat actors, the firm suggests.
Jamie Smith, Global Managing Director of Cyber Security at S-RM, said: “While the proportion of threat actors nearly doubled in 2024, we’ve seen that five groups make up 39pcof all incidents reported – down from 53pc the previous year. This fragmentation is being driven by the break up of big ransomware groups and the ever lower barriers to entry for new threat actors.
“The behaviour of these groups has been difficult to predict and their credibility even tougher to assess, but their motivations remain consistent; financial gain. However, action from groups like the NCA in the UK, and other law enforcement groups globally, has had a positive impact. In 2024, varied approaches helped take down major Ransomware as a Service (RaaS) actors, playing a crucial role in disrupting criminal syndicates by undermining their security and anonymity.”
For more
Access the full 2025 Cyber Incident Insights Report on S-RM’s website: https://www.s-rminform.com/cyber-incident-insights-report-2025. The company has nine international offices including New York and Washington DC. Specialising in incident response and proactive cybersecurity risk management, the firm advises companies ranging from insurers and blue-chip corporates to financial institutions.
