A global surge in ransomware attacks has driven demand for specialist negotiators who buy time and cut deals with hackers. Palo Alto Networks and Sophos report increased requests for their negotiation services as businesses face high-stakes talks with criminal gangs. The trend follows high-profile breaches including Marks and Spencer, Harrods, and Jaguar Land Rover, which lost more than £260mn.

Negotiators employ tactics like pretending to be low-level IT staff and slowing negotiations to one or two messages daily. The process involves gathering intelligence about attackers while helping companies decide whether to pay. Sophos notes most criminals demand 1-2% of a company's known revenue, providing negotiators opportunities to reduce payments and track criminal identities through IP addresses and cryptocurrency wallets.

Despite growing professionalization, experts warn that paying ransoms carries no guarantees. Sophos reports that less than half of 2025 cyber attacks involved ransom payments, down from 56% in 2024. This decline reflects both improved negotiation tactics and increased data backup measures. As cybersecurity regulation tightens globally, negotiators must navigate complex sanctions protocols while helping companies assess whether payment represents value or merely funds criminal enterprises.