Cyber Claims Report Shows Ransomware Claims Frequency Remains Steady

Cyber-attacks continue to rise globally while ransomware claims frequency remains steady, a new report shows.

Cowbell released its 2025 Cyber Claims Report this week, which depicts a continually evolving landscape in which cyberattacks are no longer isolated disruptions—they’re part of a growing, coordinated threat targeting vulnerable systems, understaffed teams and critical industries with unprecedented precision.

The report reveals how today’s cybercriminals are refining their strategies, while insurers and businesses race to stay ahead, outlining the rising frequency and sophistication of cyber incidents, especially ransomware.

According to a report from the National Association of Insurance Commissioners, in 2024, the U.S. cyber insurance market recorded 33,561 claims.

However, while overall claims continued to rise sharply, ransomware claims held steady, accounting for 17% to 19% of Cowbell’s portfolio over the past two years. The financial impact of these attacks has eased slightly: average ransom payments declined by 20.5%, reflecting better incident response and negotiation tactics, according to the authors of the report.

The report shows that five groups were responsible for nearly 48% of severe ransomware incidents: Akira (17.4%, Play (9.2%), LockBit (7.7%), Fog (7.2%) and RansomHub (6.2%). These groups often exploited preventable flaws, including unpatched systems and misconfigured email accounts, which remain surprisingly common across industries, according to the report.

Beyond ransomware, phishing remains the No. 1 attack vector, often serving as the entry point for more complex crimes such as business email compromise (BEC), data breaches and funds transfer fraud. In 2024, the FBI received 193,000 phishing complaints, reinforcing the persistent threat posed by social engineering. Data breaches made up 34% of claims, cybercrime-related incidents comprised 30% and extortion events comprised 19%, according to Cowbell.

Sectors most frequently targeted include professional services, education, healthcare, construction, and manufacturing, all of which depend on sensitive data and uninterrupted operations. Healthcare providers face heightened pressure because downtime affects patient safety, while manufacturers risk millions in lost production if systems go down, the report shows.