Black Kite Ransomware Susceptibility Index® (RSI™) FAQ

How We Sharpened RSI: From 27x to 96x

Previously, we repor ted that companies with an RSI value above 0.8 were 27 times more likely to suffer a ransomware attack than those below 0.2.

In 2025, that number jumped to 96 times—a dramatic increase in predictive power.

What changed?

The answer lies in the strategic calibration of RSI conducted in June 2023, which allowed us to better reflect the mindset and evolving playbook of ransomware groups. That recalibration wasn’t just a tweak—it was a data-driven overhaul based on real-world shifts in threat actor behavior and victim profiles.

More Signals, Smarter Risk Scoring: We expanded our intelligence base by incorporating stealer logs as a core indicator. These logs, harvested from infected machines and sold in bulk across the dark web and Telegram, are now a go-to resource for ransomware affiliates to identify soft targets. By adding this signal to our RSI, we captured high-risk exposure that was previously invisible.
Precision in Profiling Small Business Targets: In parallel, our analysis revealed a stark shift in victim demographics. As large ransomware groups like LockBit and AlphV collapsed or fragmented, new and mid-tier groups filled the gap—groups with fewer resources, less infrastructure, and no appetite for global headlines. Their sights turned to smaller companies: still profitable, but less likely to draw law enforcement or media attention. The 2023 calibration adjusted RSI to reflect this trend, increasing susceptibility scores for companies under $20M in annual revenue, especially in sectors like legal services, healthcare, and professional tech services. That recalibration widened the RSI distribution—bringing hidden risk into sharper focus.
Fewer Outliers, Tighter Thresholds: Before the 2023 recalibration, RSI distributions were flatter. Many companies clustered below 0.5—even if they were highly exposed. The updated methodology shifted the average RSI by +0.1–0.2 and reduced low-end saturation, creating a clearer separation between low, moderate, and high risk.

The Result: Clearer Signal, Sharper Correlation

Thanks to these refinements, RSI has become more than a risk indicator—it’s now a predictive lens. In the current dataset:

Just 0.82% of companies scored above 0.8 RSIX
Of those, 47.3% were hit by ransomware
Companies below 0.2 RSI had a 0.5% victim rate.

That 96x delta isn’t inflated. It’s the result of aligning RSI with how threat actors think, act, and select

targets in today ’s fractured ransomware landscape.

And with every year, as tactics evolve and Black Kite’s visibility deepens, RSI grows more precise. This

year ’s jump isn’t an anomaly—it’s proof that continuous calibration, powered by threat intelligence and

victim telemetry, works.

Learn more at https://blackkite.com/ransomware-susceptibility-index/

What changed?

More Signals, Smarter Risk Scoring: We expanded our intelligence base by incorporating stealer logs as a core indicator. These logs, harvested from infected machines and sold in bulk across the dark web and Telegram, are now a go-to resource for ransomware affiliates to identify soft targets. By adding this signal to our RSI, we captured high-risk exposure that was previously invisible.

Precision in Profiling Small Business Targets: In parallel, our analysis revealed a stark shift in victim demographics. As large ransomware groups like LockBit and AlphV collapsed or fragmented, new and mid-tier groups filled the gap—groups with fewer resources, less infrastructure, and no appetite for global headlines. Their sights turned to smaller companies: still profitable, but less likely to draw law enforcement or media attention. The 2023 calibration adjusted RSI to reflect this trend, increasing susceptibility scores for companies under $20M in annual revenue, especially in sectors like legal services, healthcare, and professional tech services. That recalibration widened the RSI distribution—bringing hidden risk into sharper focus.

Fewer Outliers, Tighter Thresholds: Before the 2023 recalibration, RSI distributions were flatter. Many companies clustered below 0.5—even if they were highly exposed. The updated methodology shifted the average RSI by +0.1–0.2 and reduced low-end saturation, creating a clearer separation between low, moderate, and high risk.

The Result: Clearer Signal, Sharper Correlation

Thanks to these refinements, RSI has become more than a risk indicator—it’s now a predictive lens. In the current dataset:

Just 0.82% of companies scored above 0.8 RSIX

Of those, 47.3% were hit by ransomware

Companies below 0.2 RSI had a 0.5% victim rate.

That 96x delta isn’t inflated. It’s the result of aligning RSI with how threat actors think, act, and select

targets in today ’s fractured ransomware landscape.

And with every year, as tactics evolve and Black Kite’s visibility deepens, RSI grows more precise. This

year ’s jump isn’t an anomaly—it’s proof that continuous calibration, powered by threat intelligence and

victim telemetry, works.

Black Kite Ransomware Susceptibility Index® (RSI™) FAQ

How We Sharpened RSI: From 27x to 96x

What changed?

The Result: Clearer Signal, Sharper Correlation

Got 25 Minutes?

Black Kite Ransomware Susceptibility Index® (RSI™) FAQ

How We Sharpened RSI: From 27x to 96x

What changed?

The Result: Clearer Signal, Sharper Correlation

Got 25 Minutes?