News from the Wire

Ransomware costs jump 17% in 2025 despite fewer cyberinsurance claims

Tuesday, September 09, 2025 — 16:55:02 (UTC)

SAN FRANCISCO, Sept. 9, 2025 /PRNewswire/ -- The financial fallout of ransomware attacks is climbing even as the number of cyber insurance claims falls, according to new data from Resilience, a leading cyber risk solutions company. In the first half of 2025, the average cost of an individual ransomware attack rose by 17%, while the volume of incurred claims across Resilience's portfolio dropped by more than half (53%), highlighting the persistent and destructive threat of financially motivated cybercrime.

Vendor related cyber risks lead to losses in 2024-25. Vendor related cyber risks lead to losses in 2024-25. Ransomware accounted for almost all (91%) of incurred losses in Resilience's portfolio in the first six months of 2025. Cyber criminals are using increasingly sophisticated and profitable extortion tactics, including AI-powered social engineering, double extortion (attacks that demand two separate payments, one for data decryption and another to prevent public data release), and the theft of an organization's cyber insurance policy to better benchmark and set higher ransom demands. These new strategies are fueling a threat landscape where fewer attacks can still cause immense financial damage.

"Financial incentives are driving cyber criminals to be more clever and creative, and companies are facing larger losses than ever before," said Vishaal "V8" Hariprasad, Co-Founder and CEO of Resilience. "Cyber crime comes in waves. Attackers exploit a tactic until defenders catch up, then pivot to new weaknesses. Understanding the financial consequences of attacks and the most common points of failure is paramount to stopping that fallout at the root."

By translating trends in the threat landscape into concrete financial consequences, this data offers a rare glimpse into the threat landscape as well as the cyber defense strategies with the highest potential ROI. Published today, Resilience's Midyear 2025 Cyber Risk Report leverages data from the company's Risk Operations Center (ROC) and insurance claims portfolio to analyze trends in hacking activity and industry responses in the first half of 2025. Additional report findings include:

Financially motivated social engineering, especially via tailored attacks bolstered by AI-powered phishing content, fueled a disproportionate share of incurred losses (88%).

Vendor-driven claims notifications fell from 37% to 26% of all claims, a 30% drop; however, vendor-related claims still accounted for 15% of incurred losses estimated so far this year.

Healthcare, retail, and manufacturing remained the most targeted sectors, with manufacturing facing several ransomware incidents generating claims averaging over $1 million in severity, and healthcare experiencing extortion demands as high as $4 million.

While 78% of Resilience clients over all time have avoided paying a ransom, threat groups such as Interlock, Chaos, Medusa, Akira, and Nightspire were the primary drivers of attacks on the Resilience portfolio in H1 2025.

"Our latest research highlights encouraging progress in our portfolio: a deep drop in overall claims and fewer disruptive vendor-related incidents," said Jeremy Gittler, Global Head of Claims at Resilience. "While that's certainly good news, we can't let that distract from the increased attack intensity we're witnessing. It's that metric—the dollars-and-cents of successful attacks—that we must understand and leverage to better defend ourselves and build cyber resilience."

To read the full report, see here. For more information about Resilience, visit www.cyberresilience.com.

About Resilience Resilience helps organizations become cyber resilient to material losses by staying ahead of bad actors. Founded by experts from across the highest tiers of the US military and intelligence communities – and built by prominent leaders and innovators from the cybersecurity, technology, and insurance industries – Resilience is the world's first cyber risk company that offers risk quantification software, cybersecurity experts, and highly rated insurance in integrated solutions purpose-built for large and middle-market organizations.

Resilience is proud to be backed by leading technology investment firms, including General Catalyst, Lightspeed Venture Partners, Intact Ventures, Founders Fund, CRV, and Shield Capital. With headquarters in San Francisco, Resilience is globally dispersed, with teams in New York, Chicago, Los Angeles, Baltimore, Toronto, London, Milan, Madrid, Stockholm, Rotterdam and Dublin. Resilience offers insurance coverage through its licensed and appointed insurance agents and security services through its expert security team. The Resilience Solution is available through all broker partners to clients in the United States, the United Kingdom, Canada, and Europe.

Notice to readers: These are archived articles. Contact information, links and other details may be out of date. We regret any inconvenience.

Source: Company press release.

Categories: Reports and research