Ransomware Losses Climb While Cyber Claims Frequency Drops in 2025

Cyber insurance claims frequency dropped sharply in the first half of 2025, falling 53% compared to the same period in 2024, according to Resilience’s Midyear Cyber Risk Report. Average losses per claim also declined by 11%. However, ransomware losses told a different story—growing more severe, with average costs per claim rising 17% to over $1.18 million. Ransomware now accounts for 76% of all incurred losses, and up to 91% when including vendor-related events.

The report attributes the growing impact of ransomware to increasingly systematic and strategic attacks. Threat actors are exploiting AI-driven phishing and browser-based attacks to bypass common defenses, while escalating to double and even triple extortion—threatening to release stolen data or even harm executives. In 40% of ransomware cases over the past year, physical threats were made against company leaders. While successful ransom payments have decreased, the attacks remain highly disruptive and expensive.

The cyber threat landscape has been shaped by shifts in attacker behavior and the rise of new ransomware groups. Operational chaos caused by ransomware affiliate migrations and increased law enforcement pressure led to a Q1 surge in attacks. Though attack volume dropped in Q2, total ransomware incidents still exceeded the previous two quarters by 41%. In Resilience’s portfolio, ransomware incidents grew 65% by frequency in H1 2025 compared to the previous year.

Beyond ransomware, vendor-related disruptions and transfer fraud also emerged as key concerns. Vendor outages accounted for 22% of incurred losses in 2024 and 15% in 2025 so far. Transfer fraud, often driven by AI-enhanced social engineering, accounted for 26% of claims by frequency. The report emphasizes the need for improved cyber hygiene, stronger backups, encrypted data storage, and leadership-level education to withstand this evolving threat environment.