Report: Ransomware Attacks Costlier as Threat Actors Become More Systematic

The year-over-year average cost of individual ransomware attacks rose by 17% in the first half of 2025, a portfolio claims analysis from cyber risk firm Resilience shows.

The new report found that successful attacks are becoming more expensive, a trend that goes beyond inflation and is “a sign that threat actors are becoming more systematic in how they target and exploit organizations,” the report asserts.

Ransomware attacks accounted for 76% of the Resilience portfolio’s incurred losses in the first half of the year. When including losses from a vendor experiencing ransomware, that number jumped to 91%. Social engineering (such as phishing and financial manipulation attacks) accounted for 60% of incurred losses.

“This pattern highlights a key insight: Although there are many types of cyberattacks happening all the time, ransomware causes the most severe financial damage,” the report said. “That makes it the top priority for risk management and insurance strategies.”

Ransomware made headlines across the insurance industry earlier this summer when the Google Threat Intelligence Group warned that the Scattered Spider cybercrime group had shifted its sights from retailers to carriers. This came after cybersecurity incidents at Erie Insurance, Philadelphia Insurance Cos. and Aflac made headlines in the trade press.

In its new report, Resilience found that total ransomware attack volume is increasing.

Related: Cyber Outlook Report Finds Gaps, Outlines Holistic Approach to Protections

Resilience’s report highlighted the 4,310 publicly disclosed ransomware attacks that occurred in the first six months of 2025. That marked a sharp increase from the second half of 2024, which saw 3,057 attacks. The number of total attacks floated in the mid- to high-2,000s from 2023 through the first six months of 2024.

“Financial incentives are driving cybercriminals to be more clever and creative, and companies are facing larger losses than ever before,” Vishaal Hariprasad, co-founder and CEO of Resilience, stated in a press release. “Cybercrime comes in waves. Attackers exploit a tactic until defenders catch up, then pivot to new weaknesses. Understanding the financial consequences of attacks and the most common points of failure is paramount to stopping that fallout at the root.”

Instead of relying on advanced malware or zero-day exploits, cybercriminals are increasingly perfecting the use of carefully crafted phone calls and impersonation schemes, the report shows. Among companies in the Resilience portfolio, researchers reported that newer, more volatile actors rose to prominence in the first half of 2025.

Scattered Spider, for example, ranked third in ransomware gangs attacking the portfolio. Interlock held the highest percentage (37%), followed by Chaos (23%). Seventeen percent of attacks came from Scattered Spider, followed by Cactus (9%) and Akira (8%).

Resilience data shows that 79% of clients who were attacked with ransomware over the entire lifetime of the company’s portfolio avoided paying a ransom. However, for ransomware attacks that lead to incurred claims, the average claim in 2025 so far is more than $1.18 million—up significantly from the average loss of $705,000 in 2024.

Interestingly, cyber insurance claims notice frequency in Resilience’s portfolio decreased 53% year-over-year between the first halves of 2024 and 2025. (Resilience reported that claim notifications jumped 86% and vendor-related incidents went from zero to 21% of incurred losses in 2024.)

Nonetheless, Jeremy Gittler, global head of claims at Resilience, is quoted in the report saying that the drop doesn’t tell the whole story.

“Yes, we’re seeing fewer incidents escalate to incurred losses,” he said, “but when they do hit, they’re hitting harder. The 17% increase in ransomware claims losses shows that in their approach.”