U .S. state and local government organisations faced persistent ransomware pressure throughout 2025 and into 2026, with attacks disrupting payments, emergency responses, and access to records across city, county, school, court, and public safety sectors. Verizon’s 2025 DBIR found ransomware in 44% of breaches overall and in 30% of public sector breaches, underscoring that government bodies are not merely exposed to the trend but are inside it.
Staffing and funding constraints amplify risk, with more than 80% of surveyed SLTT organisations reporting fewer than five dedicated cybersecurity staff and 70% citing insufficient funding as a top security concern, according to KnowBe4 report.
The financial impact is substantial: the Comparitech study cited by KnowBe4 notes an average ransom demand of $872,656 and downtime costs exceeding $1.09 billion across 525 attacks on government organisations, while Sophos State of Ransomware 2025 puts average recovery costs at $1.53 million.
Real incidents in 2025–26, such as the Mission, Texas attack in February 2025 and the New Britain, Connecticut incident in January 2026, illustrate how disruptions can affect multiple departments and services even when emergency operations continue. According to Sophos and Verizon data, attacks increasingly blend credential theft, data exfiltration, and encryption, making layered defences and early detection essential for public sector resilience.