86% of Businesses Refused to Pay Cyber Ransoms in 2025 — Coalition Insurance

The Coalition report underscores a pivotal shift in how organizations confront ransomware. While attackers amplified their financial demands by nearly half in 2025, a striking 86% of the 1,400 high‑signal claims examined chose not to pay. This trend reflects broader adoption of robust data‑backup strategies, incident‑response playbooks, and a growing confidence that recovery can be achieved without capitulating to extortionists. Insurers, too, are taking note, tightening claim thresholds and refining underwriting criteria to differentiate between truly high‑impact events and lower‑severity noise.

Nevertheless, ransomware remains the most expensive cyber threat, with an average loss of £202,000—approximately $250,000—per incident. That figure dwarfs the financial impact of other attack vectors, even as business email compromise and funds‑transfer fraud together represent 58% of all reported incidents. Companies must therefore balance investments: while strengthening backup and response capabilities reduces ransom payouts, they must also bolster email security, multi‑factor authentication, and transaction monitoring to curb the broader spectrum of fraud.

For the insurance market, these findings prompt a recalibration of pricing and coverage terms. The shift toward lower ransom payments may lower claim frequency, but the high average loss per event sustains premium pressure. Insurers are likely to demand stricter cyber‑hygiene certifications and may introduce incentives for proven resilience measures. Enterprises that can demonstrate mature security postures stand to benefit from reduced premiums and more favorable policy terms, reinforcing the business case for proactive cyber risk management.