
Effective backup hardening is curbing ransomware payouts, yet the surge in business email compromise (BEC) and funds-transfer fraud (FTF), along with exposed VPNs, underscores lingering attack surfaces that insurers and executives must mitigate.
The 2025 cyber‑insurance landscape is being reshaped by a dramatic rise in business email compromise and funds‑transfer fraud. Together these schemes represent more than half of all claims, driven by sophisticated social‑engineering tactics that exploit executive impersonation and compromised mailboxes. Insurers report lower average losses per incident, reflecting faster detection and improved response protocols, yet the sheer volume of BEC‑linked attacks forces organizations to invest heavily in email authentication, employee training, and real‑time transaction monitoring.
Ransomware remains a costly threat, but its financial impact is softening as firms adopt immutable, isolated backups and rigorous restore testing. Dual extortion—encrypting data while exfiltrating it—now accounts for 70% of ransomware claims, pushing victims to prioritize data governance alongside recovery. Professional negotiators are trimming ransom demands by roughly two‑thirds, but the median payment still hovers around $200,000, indicating that prevention and rapid restoration remain more economical than paying. The shift toward hardened backup architectures signals a broader industry move toward resilience rather than ransom payment.
Technical entry points continue to dictate exposure levels. Public‑facing VPNs were identified in 59% of ransomware incidents, making organizations three to four times more likely to suffer a breach. Coupled with unpatched software exploits, these vectors highlight the need for zero‑trust network designs, regular patch cycles, and multi‑factor authentication. Sector‑specific guidance—such as frequent OT backups for manufacturing and data minimization for healthcare—helps align security investments with business continuity goals, ensuring that even if data is stolen, regulatory and reputational damage stays contained.