
BakerHostetler’s 2026 Report: Findings From 1,250 Clients’ Breach Experiences in 2025
Why It Matters
Escalating ransom costs and growing legal exposure signal heightened cyber‑risk for all sectors, especially healthcare, demanding stronger resilience and vendor controls.
Key Takeaways
- Healthcare breaches draw the highest ransom demands: $18.2M average initial demand.
- Average ransom payment rose 36% to $682,702.
- Class-action lawsuits increased to 14% of incidents.
- Phishing remains the top cause, at 30% of breaches.
- Vendors responsible for 25% of incidents, highlighting third‑party risk.
Pulse Analysis
The BakerHostetler report underscores a stark acceleration in ransomware economics. While the average initial demand surged 70% to $4.2 million, the average payment grew 36% to $682,702, reflecting attackers’ confidence that victims will meet higher stakes. Notably, the motivation for paying shifted in 2025, with organizations more often paying to prevent data publication rather than to obtain a decryptor, a trend that amplifies reputational risk and regulatory scrutiny.
Legal ramifications are becoming a central concern. Class‑action filings rose to 14% of disclosed incidents, up from 9% the prior year, and large enterprises faced lawsuits even when fewer than 1,000 individuals were notified. This uptick, combined with the fact that vendors accounted for a quarter of all matters, highlights the expanding liability landscape and the critical need for robust third‑party risk programs. Additionally, AI’s growing role in attack automation is accelerating both the speed and scale of breaches, prompting states to introduce new AI‑focused regulations.
For executives, the data translates into actionable priorities. Accelerating forensic investigations can shave days off breach notification timelines, reducing exposure. Investing in comprehensive phishing defenses remains essential, given its 30% share as the top cause. Finally, a proactive vendor‑management framework and contingency planning for ransomware negotiations are vital to mitigate financial loss and legal fallout in an environment where ransom demands and litigation are on the rise.