Between 2019 and 2023, manufacturing experienced large losses primarily from ransomware (86.7%), followed by other causes (10.0%) and data breaches (3.3%).

Between 2019 and 2023, financial services experienced large losses primarily from data breaches (40.9%) and ransomware (40.9%), followed by other causes (18.2%).

Between 2019 and 2023, technology experienced large losses primarily from other causes (38.0%), followed by ransomware (32.0%) and data breaches (30.0%).

Healthcare experienced extortion demands as high as $4 million.

Business interruption was triggered as the main driver of loss in 17.5% of claims (primary 15.1%, excess 23.3%), triggered with some loss impact in 12.6%, triggered with no loss impact known in 7.3%, and not triggered in 62.6%.

Vendor-driven cyber insurance claims notifications fell from 37% to 26% of all claims, representing a 30% drop.

The average duration business operations were affected by ransomware in financial services was 33 days.

The average duration business operations were affected by ransomware in manufacturing was 62 days.

For data breach cases where the attackers themselves disclosed the breach, it took an average of 17 days to notice the attacker since 2019.

Average initial ransom demand (based on all cases with ransom demand) in 2021: $17.39 million.

In 2023, victims paid on average 39.1% of the initial ransom demand.

In 49.2% of large ransomware claims, attackers gained access by exploiting system vulnerabilities.

Despite a drop in notifications, vendor-related claims still accounted for 15% of incurred losses estimated so far in 2025.

Business interruption coverage was triggered in 17.5% of all claims, occurring more frequently in excess claims(23.3%) than in primary claims (15.1%).

In 66.0% of data breach cases since 2019, the company’s own IT team or outsourced service providers discovered the attack.

In 2019, organizations took an average of 76 days to restore operations after a ransomware attack.

Companies with revenues between $500M and $750M had an average relative frequency of large claims on primary policies of 1.40.

Companies with revenues between $750M and $2B had an average relative frequency of large claims on primary policies of 1.80.

Companies with revenues above $2B had an average relative frequency of large claims on primary policies of 1.86.

2021: 29.7% of large losses came from other causes, 23.7% from data breaches, and 46.6% from ransomware. Ransomware overtook all other causes and drove nearly half of the biggest cyber claims.