Ransomware Claim Costs Up 17% Due to Evolving Cybercrime Tactics
In the first half of 2025, the average cost of an individual ransomware attack rose by 17%, according to Resilience’s “Midyear 2025 Cyber Risk Report,” which compiled data from the company’s customers. However, the volume of claims dropped by 53%.
The trend points to increasingly sophisticated, profitable tactics used by financially motivated cybercriminals, who are becoming more focused and systematic in their exploits, the report said, pointing to the recent attacks by hacker group Scattered Spider that targeted the insurance sector.
The prevalence of artificial intelligence (AI) in social engineering has supercharged ransomware efforts. Financially motivated social engineering, especially aided by AI, fueled 88% of incurred losses. AI-generated phishing campaigns experience an average success rate of 54%, compared to 12% for traditional attempts.
Unlock insights to Take Your Agency to the Next Level
Additionally, cybercriminals are using double extortion attacks to demand two separate payments, one for data decryption and a second to prevent a public data release, the report said.
Another concerning trend is cybercriminals stealing their targets’ cyber liability insurance policies, which allows bad actors to set more informed ransom demands. The report notes one case where a threat actor found a copy of the client’s policy and placed their extortion demand below the insurance limit.
“Financial incentives are driving cyber criminals to be more clever and creative, and companies are facing larger losses than ever before,” said Vishaal Hariprasad, co-founder and CEO of Resilience. “Cyber crime comes in waves. Attackers exploit a tactic until defenders catch up, then pivot to new weaknesses.”
“Understanding the financial consequences of attacks and the most common points of failure is paramount to stopping that fallout at the root,” Hariprasad said.
While 79% of businesses that were hit with ransomware were able to avoid paying a ransom, recovery can still be disruptive and costly. So far in 2025, the average claim is over $1.18 million, the report said. In 2024, it was $705,000. The most targeted sectors continue to be health care, retail and manufacturing, with the health care industry experiencing an average claims severity as high as $4 million.
Some good news: vendor-driven claims fell 30% in the first half of 2025. Although those claims still accounted for 15% of total incurred losses so far this year, it’s “encouraging progress” that joins with the positive trend of fewer claims overall, says Jeremy Gittler, global head of claims at Resilience.
More Industry News
“While that’s certainly good news, we can’t let that distract from the increased attack intensity we’re witnessing,” Gittler says. “It’s that metric—the dollars-and-cents of successful attacks—that we must understand and leverage to better defend ourselves and build cyber resilience.”
Resilience’s data shows that organizations with “robust backup systems, regular validation testing, and comprehensive business continuity planning are far less likely to submit to ransom demands,” the report said.
AnneMarie McPherson Spears is IA news editor.
