Cyber Claims
Cybersecurity statistics about cyber claims
Top Vendors
Showing 1-20 of 85 results
Vendor-related losses represent 18% of total losses in Resilience's 2025 claims portfolio.
Extortion demands to suppress stolen data comprise 49% of extortion claims in the first half of 2025 and 65% of extortion claims in the second half of 2025.
Infostealers harvested more than 2 billion credentials.
Data theft-only attacks account for 57% of all attacks in 2025.
In the second half of 2025, more than two-thirds of ransomware attacks leveraged data theft instead of encryption.
In 6.4% of cases since 2019, the attackers themselves disclosed the breach.
In 42.9% of cases prior to 2019, breaches were first flagged by outside parties such as security firms, regulators, or customers.
Between 2019 and 2023, healthcare experienced large losses primarily from ransomware (57.1%), followed by data breaches (28.6%) and other causes (14.3%).
The average duration business operations were affected by ransomware in financial services was 33 days.
The average duration business operations were affected by ransomware in manufacturing was 62 days.
For data breach cases where the attackers themselves disclosed the breach, it took an average of 17 days to notice the attacker since 2019.
Average initial ransom demand (based on all cases with ransom demand) in 2021: $17.39 million.
In 2023, victims paid on average 39.1% of the initial ransom demand.
Business interruption coverage was triggered in 17.5% of all claims, occurring more frequently in excess claims(23.3%) than in primary claims (15.1%).
In 2019, organizations took an average of 76 days to restore operations after a ransomware attack.
Privacy and cyber security coverage was triggered in 13.2% of all claims, with a higher prevalence in excess claims(22.2%) compared to primary claims (9.4%).
In 49.2% of large ransomware claims, attackers gained access by exploiting system vulnerabilities.
Between 2019 and 2023, manufacturing experienced large losses primarily from ransomware (86.7%), followed by other causes (10.0%) and data breaches (3.3%).
Companies with revenues between $500M and $750M had an average relative frequency of large claims on primary policies of 1.40.
Companies with revenues between $750M and $2B had an average relative frequency of large claims on primary policies of 1.80.