The financial toll of ransomware attacks is climbing, even as the overall number of claims falls, according to new data from cyber risk solutions firm Resilience.
The company's Midyear 2025 Cyber Risk Report showed the average cost of an individual ransomware incident rose by 17% in the first half of this year, while incurred claims volumes dropped by more than half (53%).
The findings highlight a growing mismatch between claim frequency and claim severity, a trend with major implications for insurers and policyholders navigating a maturing but still volatile cyber insurance market.
Resilience's portfolio data shows ransomware remains the dominant driver of losses, accounting for 91% of incurred claims in the first half of 2025. Financially motivated social engineering, often enhanced by AI-driven phishing campaigns, was also a key contributor, linked to 88% of incurred losses, according to the data.
Healthcare, retail, and manufacturing were among the hardest-hit sectors. Manufacturers recorded average ransomware claims of more than $1 million, while healthcare providers faced extortion demands reaching as high as $4 million.
Vendor-related incidents fell in volume but still accounted for 15% of incurred losses, underscoring how supply chain vulnerabilities remain an attractive entry point for attackers.
For insurers, the shift from frequency to severity raises challenges in underwriting and pricing. After several years of sharp premium increases between 2021 and 2023, cyber insurance rates have begun to stabilize in 2024 and 2025. The reduced volume of claims has played a role in this moderation, but rising costs per incident suggest the market remains exposed to volatility.
Reinsurers, in particular, remain cautious about systemic cyber events, such as attacks on critical infrastructure or widely used cloud service providers, that could trigger large, correlated losses. Resilience's data shows that even in the absence of mass-scale events, financially motivated criminal groups are capable of inflicting significant damage through targeted attacks.
Resilience CEO Vishaal Hariprasad said cybercrime continues to evolve in waves, with attackers quickly pivoting to new tactics once older ones are blocked. He argued that understanding the financial consequences of these shifts is essential for reducing losses, a priority shared by insurers seeking more sustainable models for cyber coverage.