Dive Brief:
- The financial fallout of ransomware attacks is climbing even as the number of cyber insurance claims falls, cyber risk management firm Resilience said in a report released Tuesday.
- During the first half of the year, ransomware attacks grew costlier, now accounting for 76% of incurred losses, according to the research, which was based on an analysis of Resilience’s internal insurance claims.
- “Financial incentives are driving cyber criminals to be more clever and creative, and companies are facing larger losses than ever before,” Resilience CEO Vishaal Hariprasad said in a press release. “Cyber crime comes in waves. Attackers exploit a tactic until defenders catch up, then pivot to new weaknesses.”
Dive Insight:
Ongoing efforts to combat ransomware have yielded limited gains, according to the Resilience study, which aligns with other recent reports.
The average ransom demand made to retail organizations reached $2 million this year, a two-fold increase compared with 2024, according to an August report by cybersecurity company Sophos. Yet, in a positive sign, the average cost of recovering from a ransomware attack, excluding any ransom payment, has dropped by 40% during the past year to $1.65 million, the lowest point in three years, Sophos found.
“These trends suggest that, while threat actors are demanding more, retail organizations are becoming more resilient by improving recovery processes and potentially holding firmer in ransom negotiations,” according to a blog post on the Sophos research.
The Resilience report highlighted silver linings as well. In the first half of 2025, the volume of incurred claims across Resilience's portfolio dropped by more than half (53%). The Resilience portfolio also saw notably low payment rates, at just 22% in 2024, the cyber risk management firm said.
Still, ransomware attacks remain costly and disruptive, Resilience said. Among Resilience clients, the average insurance loss from a ransomware attack in 2025 so far exceeds $1.18 million, according to the analysis. In 2024, a ransomware attack incurred an average loss of $705,000.
Cyber criminals are using increasingly sophisticated extortion tactics, including artificial intelligence-powered social engineering and “double extortion,” in which attackers demand a ransom payment both to decrypt data and to prevent its public release, the report said. The evolving ransomware playbook has also included theft of cyber insurance policies to better benchmark and set higher ransom demands, it said.
“These new strategies are fueling a threat landscape where fewer attacks can still cause immense financial damage,” Resilience said in its release.