Ransomware costs rise 17% despite fewer claims overall

Report takeaways:

• 56% of H1 2025 cyber claims were due to ransomware
• Turf wars are erupting among ransomware affiliates competing for territory
• Global ransomware attacks increased 73% due to changes among threat actors

Cyber risks continue to evolve and the Resilience 2025 Midyear Cyber Risk Report finds that while the company experienced 53% fewer cyber claims across its portfolio, the cost of ransomware attacks increased by 17%.

According to the report, during the first six months of 2025, ransomware accounted for 91% of incurred losses, with bad actors becoming more sophisticated in their attack methods and extortion tactics. These included AI-powered social engineering, double extortion attacks that demanded a payment to decrypt the data and then a second one not to release the information publicly, as well as the theft of companies' cyber policies so the cyber criminals would know the limits for their ransom demands.

"The 53% drop in claims doesn't tell the whole story," shared Jeremy Gittler, global head of claims in the Resilience report. "Yes, we're seeing fewer incidents escalate to incurred losses, but when they do hit, they're hitting harder. The 17% increase in ransomware claims losses shows the cybercriminals are becoming more selective and more devastating in their approach."

Business interruption for vendors also played a significant role behind ransomware events. In 2024, vendor-related incidents that impacted companies like CDK Global and Change Healthcare accounted for 37% of the claims in Resilience's portfolio and highlighted the impact of compromised vendors on entire industries. Ransomware attacks focusing on vendors comprised 18% of incurred losses in 2024. In 2025, that number has dropped to 15% of H1 losses.

"Financial incentives are driving cyber criminals to be more clever and more creative, and companies are facing larger losses than ever before," said Vishaal "V8" Hariprasad, co-founder and CEO of Resilience in a statement. "Cybercrime comes in waves. Attackers exploit a tactic until defenders catch up, then pivot to new weaknesses. Understanding the financial consequences of attacks and the most common points of failure is paramount to stopping that fallout at the root."

When cyberattacks are successful, they are also more expensive, increasing 17% year-over-year in cost. The report says this is not just due to inflation, but because bad actors are becoming more systematic in their attacks, such as the Scattered Spider threat group which focused on several UK and U.S. retailers, aviation firms (Qantas) and even insurers (Philadelphia Insurance Companies, Aflac and Erie Insurance) over the last several months. The company expects to see similar campaigns in the future.

The threat actor gangs that attacked the Resilience portfolio included: Interlock (37%), Scattered Spider (17%), Chaos (23%), Cactus (9%), Akira (8%) and several others that accounted for only one or two percent of the losses.

The role of AI in cyberattacks

As the integration of artificial intelligence makes life easier for many, it is definitely helping threat actors to be more successful in their endeavors. CrowdStrike's 2025 Threat Hunting Report found that AI-generated phishing campaigns are successful 54% of the time as compared to just 12% of more traditional attempts. Part of the reason is that browser-based attacks can circumvent multi-factor authentication and can be challenging to detect.

Within the Resilience portfolio, social engineering resulted in 57% of incurred claims and 60% of incurred losses for the first half of 2025.

The report also stated that attacks aren't just limited to emails as phishing is making it easier for credentials to be collected through infostealers with over 1.8 billion stolen in the first half of 2025 according to the Resilience Risk Operations Center.