Report: Ransomware Attackers ‘More Systematic,’ Claims Become Costlier

A portfolio claims analysis shared by Resilience, a cyber risk solutions company, showed the year-over-year average cost of individual ransomware attacks rose by 17% in the first half of 2025.

The new report found that successful attacks are becoming more expensive. The trend goes beyond inflation, Resilience added, adding that “it’s a sign that threat actors are becoming more systematic in how they target and exploit organizations.”

Ransomware attacks accounted for 76% of the Resilience portfolio’s incurred losses in the first half of the year. When including losses from a vendor experiencing ransomware, that number jumped to 91%. Social engineering (such as phishing and financial manipulation attacks) accounted for 60% of incurred losses.

“This pattern highlights a key insight: Although there are many types of cyberattacks happening all the time, ransomware causes the most severe financial damage,” Resilience said. “That makes it the top priority for risk management and insurance strategies.”

Ransomware made headlines across the insurance industry earlier this summer when the Google Threat Intelligence Group warned that the Scattered Spider cybercrime group had shifted its sights from retailers to carriers. This came after cybersecurity incidents at Erie Insurance, Philadelphia Insurance Cos. and Aflac made headlines in the trade press.

In its new report, Resilience said total ransomware attack volume is increasing.

The cybersecurity and insurance provider included a chart highlighting 4,310 publicly disclosed ransomware attacks from the first six months of 2025, compared with 3,057 attacks from the previous six months. The number of total ransomware incidents floated in the mid- to high-2,000s from 2023 through the first six months of 2024.

“Financial incentives are driving cybercriminals to be more clever and creative, and companies are facing larger losses than ever before,” Vishaal “V8” Hariprasad, co-founder and CEO of Resilience, said in a statement.

“Cybercrime comes in waves,” he added. “Attackers exploit a tactic until defenders catch up, then pivot to new weaknesses. Understanding the financial consequences of attacks and the most common points of failure is paramount to stopping that fallout at the root.”

Resilience said cybercriminals are increasingly perfecting the use of carefully crafted phone calls and impersonation schemes instead of relying on advanced malware or zero-day exploits. Among companies in the Resilience portfolio, researchers reported newer, more volatile actors rose to prominence in the first half of 2025.

Scattered Spider, for example, ranked third in ransomware gangs attacking the portfolio. Interlock held the highest percentage (37%), followed by Chaos (23%). Seventeen percent of attacks came from Scattered Spider, followed by Cactus (9%) and Akira (8%).

Resilience said 79% of its clients who were attacked by ransomware over the entire lifetime of the company’s portfolio avoided paying a ransom. For ransomware attacks that lead to incurred claims, the average claim thus far in 2025 is more than $1.2 million—up from an average loss of $705,000 in 2024.

Interestingly, cyber insurance claims-notice frequency in Resilience’s portfolio decreased 53% year-over-year between the first halves of 2024 and 2025. (Resilience reported that claim notifications jumped 86% and vendor-related incidents went from zero to 21% of incurred losses in 2024.)

Nonetheless, Jeremy Gittler, global head of claims at Resilience, said the drop doesn’t tell the whole story.

“We’re seeing fewer incidents escalate to incurred losses,” he said, “but when they do hit, they’re hitting harder. The 17% increase in ransomware claims losses shows that in their approach.”

Topics Cyber Claims

Was this article valuable?