Recent research by Cybersmart has revealed that nearly half (45%) of MSPs admitted to having a dedicated pool of money set aside for ransomware payments. This is despite increasing pressure from insurers and global governments to avoid paying ransoms to stop fuelling criminal enterprises and encourage proactive resilience.
Historically, the guidance and best practice around ransomware payments has been notoriously poorly defined. In a bid to make things clearer, in early 2025, the UK government proposed a targeted ban on ransomware payments for public sector bodies and critical national infrastructure (CNI). The survey results indicate that MSPs suffer from a lack of clarity around best practices for ransomware. What’s more, this uncertainty is likely to filter down to their clients, meaning the case for legislative guidance on this issue has never been clearer.
Additionally, the research found that, whilst 45% of MSPs have a dedicated kitty for ransom payments, 36% opt to protect themselves with cyber insurance instead. Worryingly, 11% of MSPs have no dedicated budget for ransomware payments or cyber insurance, in many cases leaving them without a contingency plan for if something goes wrong, which could lead to potentially ruinous financial and reputational fallout.
Despite many budgeting for ransomware-related incidents, MSP leaders named AI as the top cause of concern for their organisation (44%), ahead of ransomware/malware (40%). Shockingly, AI did not rank among respondents’ top concerns in the 2024 report, emphasising its remarkable rise to prominence over the past 12 months. In 2025, Forbes labelled 2024 “a landmark year in the evolution of AI”. With cybercriminals quick to innovate when new tech becomes available, hackers have started harnessing the technology to write phishing emails, create convincing deepfakes and create malware, among other nefarious activities. In 2024, 67% of MSPs reported an AI-based attack and this is likely to grow in 2025 as attackers increasingly weaponise generative AI, Agentic AI and deepfake technology.
Worryingly, AI is one of the threats most MSPs are least well-equipped to deal with, due to the lack of easy-to-use tools to counter AI-powered attacks, and this gap leaves SMEs especially vulnerable. The scale and speed of AI-powered threats, as well as the lack of skilled and dedicated professionals to deal with them, can be challenging for time and resource-strapped teams. This means that clients may rely more heavily on MSPs for support in this area. Already, the report found that 84% of respondents noted that their customers now expect them to manage either their cybersecurity infrastructure or their cybersecurity and IT estate combined.
“With customers relying more on MSPs for cybersecurity, it is essential that MSPs are cyber secure and cyber confident themselves, which means tackling the evolving threat landscape head-on,” said Jamie Akhtar, CEO and Co-Founder of CyberSmart. “Organisations shouldn’t rely on ransomware payments; rather, they should partner with organisations that can help proactively secure them.”
