A portfolio claims analysis shared by Resilience, a cyber risk solution
s company, showed the year-over-year average cost of individual ransomware attacks rose by 17% in the first half of 2025.
The new report found that successful attacks are becoming more ex
pensive. The trend goes beyond inflation, Resilience added, adding that “it’s a sign that threat actors are becoming more systematic in how they target and exploit organizations.”
Ransomware attacks accounted for 76% of the Resilience portfolio’s incurred losses in the first half of the year.
When including losses from a vendor experiencing ransomware, that number jumped to 91%
. Social engineering (such as phishing and financial manipulation attacks) accounted for 60% of incurred losses.
“This pattern highlights a key insight: Although there are many types of cyberattacks happening all the time, ransom
ware causes the most severe financial damage,” Resilience said. “That makes it the top priority for risk management and insurance strategies.”
Ransomware made headlines across the insurance industry earlier this summer when the Google Threat Intelligence Group warned that the Scattered Spider cy
bercrime group had shifted its sights from retailers to carriers. This came after cybersecurity incidents at Erie Insu
rance, Philadelphia Insurance Cos. and Aflac made headlines in the trade press.
See more beautiful photo albums Here >>>
In its new report, Resilience said total ransomware attack volume is increasing.
Related: Cyber Outlook Report Finds Gaps, Outlines Holistic Approach to Protections
The cybersecurity and insurance provider included a chart highlighting 4,310 publicly disclosed ransomware attacks from the first six months of 20
25, compared with 3,057 attacks from the previous six months. The number of total ransomware incidents flo
ated in the mid- to high-2,000s from 2023 through the first six months of 2024.
“Financial incentives are driving cybercriminals to be more clever and creative, and companies are facing larger los
ses than ever before,” Vishaal “V8” Hariprasad, co-founder and CEO of Resilience, said in a statement.
“Cybercrime comes in waves,” he added. “Attackers exploit a tactic until defenders catch up, then pivot to new weaknesses. Understanding the financial conseq
uences of attacks and the most common points of failure is paramount to stopping that fallout at the root.”
Resilience said cybercriminals are increasingly perfecting the use of carefully crafted phone calls and impersonation schemes instead of relying on advanced malware or zero-day exploits. Among companies in the Resilience portfolio, researchers reported newer, more volatile actors rose to prominence in the first half of 2025.
Scattered Spider, for example, ranked third in ransomware gangs attacking the portfolio. Interlock held the highest percentage (37%), followed by Chaos (23%). Seventeen percent of attacks came from Scattered Spider, followed by Cactus (9%) and Akira (8%).
Resilience said 79% of its clients who were attacked by ransomware over the entire lifetime of the company’s portfolio avoided paying a ransom. For ransomware attacks that lead to incurred claims, the average claim thus far in 2025 is more than $1.2 million—up from an average loss of $705,000 in 2024.