Ransomware losses rise despite fewer insurance claims

Mid-year data from Resilience shows that average costs per ransomware incident rose by 17 % in 2025, even though the number of claims resulting in losses dropped by 53 % compared to the same period in 2024.

Ransomware now accounts for 91 % of incurred losses in their portfolio, and threat actors are leaning on more aggressive methods, AI-augmented social engineering, double extortion (data release + decryption), and even theft of the target’s cyber policy to benchmark demands.

Insurance carriers are responding by tightening underwriting, raising premiums, and shrinking coverage. Many organizations are finding that policy limits and exclusions leave them exposed to escalation risk.

The diverging trends (fewer claims but higher severity) suggest that attackers are becoming more selective and ruthless, chasing high-value targets or squeezing more from each breach.

For organizations, this means bolstering prevention, detection, and response capabilities investing in segmentation, resilient backups, incident war rooms, and negotiating preparedness. Relying solely on insurance is no longer sufficient.