Ransom Attacks up, but Payments Headed Down as Cyber Becomes Top of Mind

Claims Journal, May 7, 2026

Why It Matters

The trend signals that improved preparedness can curb payout exposure, but evolving extortion tactics keep pressure on insurers and high‑value sectors. Understanding these dynamics helps firms allocate security budgets and insurers price cyber risk more accurately.

Key Takeaways

  • Ransom attacks rose 45% year‑over‑year, per Cowbell report
  • Average ransom payouts dropped 44% between 2022 and 2025
  • Data‑only and double‑extortion attacks now dominate ransomware
  • Smaller threat groups are emerging with lower tool costs
  • AI is expected to automate future cyber extortion attempts

Pulse Analysis

The surge in ransomware incidents, up 45% in the past year, reflects a broader shift in the cyber‑threat landscape. While attackers proliferate, the average ransom demanded has shrunk by roughly 44% since 2022, a trend driven by more mature incident‑response programs, robust backup strategies, and disciplined claim negotiations. Insured organizations are increasingly able to assess the true cost of paying versus restoring systems, especially when no sensitive data is compromised, leading to more selective payments.

At the same time, the nature of extortion is evolving. Hackers are moving away from classic encryption‑only ransomware toward data‑only theft and double‑extortion tactics, where they threaten public disclosure of stolen information in addition to demanding payment for decryption keys. This lowers the technical barrier to entry, enabling smaller, less‑sophisticated groups to launch attacks. The report highlights that seven threat actors account for two‑thirds of identified cases, with Akira and Qilin alone responsible for over half, underscoring the concentration of power among a few prolific gangs.

Looking ahead, artificial intelligence is poised to accelerate attack automation, making rapid, low‑cost campaigns more common. Industries heavily reliant on sensitive data—such as professional services, manufacturing, and healthcare—must prioritize continuous preparedness, including AI‑enhanced detection and response capabilities. For cyber insurers, the dual challenge is to balance premium pricing against the decreasing average payouts while accounting for the higher frequency of sophisticated, data‑centric extortion schemes that could reshape loss models in the coming years.
