The first half of 2025 has shown an unusual pattern in the world of cyber insurance: there were fewer claims overall, but the ones that did come in were much more costly. A recent report from Resilience highlights this shift, revealing a 53% drop in claim notifications compared to the same period last year. However, ransomware attacks, especially those linked to third-party vendors, have become more targeted and damaging, leaving insurers and businesses on edge.
Jeremy Gittler, Resilience’s global head of claims, explained that while fewer incidents are turning into actual losses, the attacks that succeed are significantly more severe. Ransomware now accounts for 76% of financial losses in the sector, and when vendors are hit, this jumps to 91%. The average cost of a ransomware claim has risen sharply, from $705,000 in 2024 to over $1.18 million this year. Alarmingly, hackers are now finding and using information about insurance policy limits to tailor their ransom demands.
Even though fewer victims are paying ransoms—only 14% so far in 2025—new tactics like double and triple extortion continue to spread. These escalate the pressure on victims by adding extra threats, such as releasing stolen data or attacking other parts of their systems.
Risk tied to third-party vendors remains a major threat. While the portion of losses from vendor-related incidents dropped from 22% in 2024 to 15% in early 2025, the impact of these events can be huge. The recent data breach at Farmers Insurance, which exposed over a million customer records due to a vendor failure, shows just how damaging these attacks can be. Another example is the ransomware attack that took Nevada’s Division of Insurance offline in August, disrupting important state operations.
Phishing continues to be the most common way cybercriminals break in, responsible for 49% of losses in Resilience’s client base. New technology, especially AI-powered social engineering methods like browser-based phishing, SIM swapping, and synthesized voice calls, has caused an 800% jump in stolen credentials since the start of the year.
One cybercrime group gaining attention is Scattered Spider. Known for attacks on big retailers like Marks & Spencer and Harrods, as well as knocking Qantas offline in July, they are now reportedly shifting their focus toward the insurance industry. Their use of real-time social engineering makes defense difficult.
For insurers, this mixed picture offers little comfort. Fewer claims might feel like a break, but the increasing severity of attacks means the risks are higher than ever. As more critical systems in healthcare, public agencies, and supply chains move online, the fallout from cyberattacks could grow even worse.
Recent incidents, like the Jaguar Land Rover cyberattack that disrupted operations last week, highlight that even major companies are vulnerable. The insurance industry faces big challenges ahead as it tries to predict and price these evolving risks, which are more targeted and harder to control.