Selective and Devastating: New Cyber Report Reveals Paradox of Fewer But Far More Damaging Attacks
A new midyear cyber risk report reveals a startling paradox: while cyber insurance claims have plummeted, the attacks that do succeed are becoming far more targeted and financially devastating, especially for U.S. businesses .
The findings from Resilience’s Midyear Cyber Risk Report show a 53% drop in claim notifications in the first half of 2025 compared to 2024, suggesting a potential “return to operational equilibrium.” However, this positive trend masks a much darker reality. The same report found that ransomware attacks—particularly those exploiting third-party vendors—have become sharper, more selective, and significantly costlier, offering insurers and policyholders little room for complacency .
The Rising Cost of Ransomware
Ransomware remains the most damaging form of cyberattack, accounting for a staggering 76% of all incurred losses in the first half of 2025. When vendor systems are targeted, that figure jumps to an alarming 91% of overall losses .
The financial impact is crushing. The average ransomware claim has skyrocketed to $1.18 million, up dramatically from $705,000 in 2024. In an unsettling new development, attackers are now actively hunting down copies of their victims’ cyber insurance policies to calibrate their ransom demands, knowing exactly how much coverage the target carries .
While the percentage of victims who pay ransoms has fallen to just 14%, cybercriminals are adapting with more sophisticated “double” and even “triple” extortion tactics. These involve not just encrypting data but also stealing it and launching disruptive attacks like DDoS to force payment .
The Critical Link: Third-Party Vendor Risk
Vendor-related risk has emerged as one of the most persistent and severe threats in the cyber landscape. While third-party incidents accounted for 15% of incurred losses in H1 2025 (down from 22% in 2024), this decline masks the extreme severity of individual incidents. When a vendor is compromised, the losses for affected clients often rival those caused by direct ransomware attacks .
Recent high-profile breaches illustrate the scale of this exposure. The Farmers Insurance breach, which stemmed from a third-party vendor, compromised over a million records. Similarly, a ransomware attack forced Nevada’s Division of Insurance offline in August, disrupting critical regulatory operations and delaying consumer filings .
AI-Powered Phishing and Emerging Threats
If ransomware causes the most financial damage, phishing remains the most common point of failure. Phishing attacks drove 49% of incurred losses in Resilience’s customer portfolio in the first half of 2025 .
The report highlights the growing effectiveness of AI-powered social engineering. Browser-based phishing attacks, SIM swapping, and AI-generated voice synthesis are fueling an unprecedented “800 percent increase” in credential compromises since January 2025. These tactics make fraudulent schemes dramatically more convincing and difficult to detect .
The report also underscores the growing prominence of groups like Scattered Spider, which has targeted major retailers and airlines and is now reportedly pivoting toward the insurance industry itself. The gang’s use of real-time social engineering makes it particularly difficult to defend against .
Expert Insight: A Call to Action
“The 53% drop in claims doesn’t tell the whole story,” said Jeremy Gittler, Resilience’s global head of claims. “Yes, we’re seeing fewer incidents escalate to incurred losses, but when they do hit, they’re hitting harder. The 17% increase in ransomware claims losses shows that cybercriminals are becoming more selective and more devastating in their approach” .
This sentiment reflects a broader industry understanding that complacency is not an option. The decline in claims frequency may offer short-term relief, but the growing intensity of successful attacks points to rising systemic risk—especially as supply chains, healthcare systems, and public agencies become increasingly digitized and interconnected .
Protecting Your Business: The Role of Cyber Insurance
For U.S. businesses, this report serves as a critical reminder of the evolving threat landscape. Companies like Selective Insurance emphasize the importance of tailored cyber liability coverage, which can help protect businesses from losses related to ransomware, cyber extortion, social engineering, and data breaches .
A comprehensive Business Owners Policy (BOP) that bundles cyber coverage with property and liability insurance can be a practical and budget-friendly solution for many businesses. However, as threats evolve, working with an independent agent to customize coverage for specific risks—particularly vendor-related exposures—has become essential .
Conclusion: A Landscape of Elevated Risk
The Resilience report paints a picture of an insurance sector at a crossroads. While improved cybersecurity measures may be contributing to fewer successful small-scale attacks, cybercriminals are adapting by focusing on more valuable targets and exploiting systemic vulnerabilities, particularly in third-party vendor networks.
For insurers, the challenge is to anticipate and price these evolving risks, which are becoming less predictable, more targeted, and harder to contain. For businesses, the message is clear: robust cybersecurity hygiene, vigilant vendor risk management, and appropriate insurance coverage are no longer optional—they are fundamental components of modern business resilience.
As the Jaguar Land Rover shutdown demonstrated last week, even industrial stalwarts are not immune. In today’s digital economy, every connected organization must prepare for attacks that are indeed both selective and devastating .