San Francisco, CA – September 9, 2025 – The financial fallout of ransomware attacks is climbing even as the number of cyber insurance claims falls, according to new data from Resilience, a leading cyber risk solutions company. In the first half of 2025, the average cost of an individual ransomware attack rose by 17%, while the volume of incurred claims across Resilience’s portfolio dropped by more than half (53%), highlighting the persistent and destructive threat of financially motivated cybercrime.
Ransomware accounted for almost all (91%) of incurred losses in Resilience’s portfolio in the first six months of 2025. Cyber criminals are using increasingly sophisticated and profitable extortion tactics, including AI-powered social engineering, double extortion (attacks that demand two separate payments, one for data decryption and another to prevent public data release), and the theft of an organization’s cyber insurance policy to better benchmark and set higher ransom demands. These new strategies are fueling a threat landscape where fewer attacks can still cause immense financial damage.
“Financial incentives are driving cyber criminals to be more clever and creative, and companies are facing larger losses than ever before,” said Vishaal “V8” Hariprasad, Co-Founder and CEO of Resilience. “Cyber crime comes in waves. Attackers exploit a tactic until defenders catch up, then pivot to new weaknesses. Understanding the financial consequences of attacks and the most common points of failure is paramount to stopping that fallout at the root.”
By translating trends in the threat landscape into concrete financial consequences, this data offers a rare glimpse into the threat landscape as well as the cyber defense strategies with the highest potential ROI. Published today, Resilience’s Midyear 2025 Cyber Risk Report leverages data from the company’s Risk Operations Center (ROC) and insurance claims portfolio to analyze trends in hacking activity and industry responses in the first half of 2025. Additional report findings include:
- Financially motivated social engineering, especially via tailored attacks bolstered by AI-powered phishing content, fueled a disproportionate share of incurred losses (88%).
- Vendor-driven claims notifications fell from 37% to 26% of all claims, a 30% drop; however, vendor-related claims still accounted for 15% of incurred losses estimated so far this year.
- Healthcare, retail, and manufacturing remained the most targeted sectors, with manufacturing facing several ransomware incidents generating claims averaging over $1 million in severity, and healthcare experiencing extortion demands as high as $4 million.
- While 78% of Resilience clients over all time have avoided paying a ransom, threat groups such as Interlock, Chaos, Medusa, Akira, and Nightspire were the primary drivers of attacks on the Resilience portfolio in H1 2025.
“Our latest research highlights encouraging progress in our portfolio: a deep drop in overall claims and fewer disruptive vendor-related incidents,” said Jeremy Gittler, Global Head of Claims at Resilience. “While that’s certainly good news, we can’t let that distract from the increased attack intensity we’re witnessing. It’s that metric—the dollars-and-cents of successful attacks—that we must understand and leverage to better defend ourselves and build cyber resilience.”
To read the full report, see here. For more information about Resilience, visit www.cyberresilience.com.
