The financial impact of ransomware attacks is climbing even as the number of cyber insurance claims falls, according to new data from cyber risk specialist Resilience.

In the first half of 2025, the average cost of an individual ransomware attack rose by 17%, while the volume of incurred claims across Resilience's portfolio dropped by more than half (53%), highlighting the persistent and destructive threat of financially motivated cybercrime.

Ransomware accounted for almost all (91%) of incurred losses in Resilience’s portfolio in the first six months of 2025. The firm said cyber criminals are using increasingly sophisticated and profitable extortion tactics, including AI-powered social engineering, double extortion – attacks that demand two separate payments, one for data decryption and another to prevent public data release – and the theft of an organisation’s cyber insurance policy to better benchmark and set higher ransom demands.

Vishaal Hariprasad, CEO of Resilience, said: “Financial incentives are driving cyber criminals to be more clever and creative, and companies are facing larger losses than ever before.

“Cyber crime comes in waves. Attackers exploit a tactic until defenders catch up, then pivot to new weaknesses. Understanding the financial consequences of attacks and the most common points of failure is paramount to stopping that fallout at the root.”

Resilience’s mid-year 2025 cyber risk report found that healthcare, retail, and manufacturing remained the most targeted sectors, with manufacturing facing several ransomware incidents generating claims averaging over US$1m in severity, and healthcare experiencing extortion demands as high as US$4m.

---