Resilience: Cyber Risk Shifts From Disruption to Long-Tail Losses

Resilience’s 2025 Cyber Risk Report confirms a decisive pivot in attacker tactics. Whereas ransomware once dominated headlines by encrypting files and demanding quick payment, extortion schemes built on stolen data now account for roughly two‑thirds of all claims. The study notes a jump from 49 % to 65 % of extortion incidents featuring pure data‑theft between the first and second halves of last year. This evolution transforms the threat from a short‑lived outage into a protracted legal, regulatory, and reputational battle that can linger for years.

Because the primary damage now stems from exposure rather than downtime, traditional backup‑centric defenses lose their protective edge. Insurers are witnessing claims where victims pay to suppress leaks, only to face class‑action lawsuits once the data surfaces. To curb these long‑tail losses, organizations must shift from recovery‑first playbooks to prevention‑first architectures. Deploying data‑loss‑prevention tools, enforcing zero‑trust network access, encrypting data at rest, and containing privileged identities are emerging as non‑negotiable controls. Such measures not only reduce the likelihood of theft but also limit the regulatory fallout when breaches occur.

The sectoral impact is already visible. Resilience’s portfolio shows retail losses soaring to an average $2.6 million per incident, propelling the industry into the top three loss categories after a year of near‑zero material damage. Manufacturing’s total loss remains highest, though average severity fell 29 %, while health care still endures the highest per‑incident costs. Analysts expect extortion‑only attacks to dominate by 2026, pressuring boards to embed cyber‑risk into enterprise risk management frameworks. Executives who prioritize proactive data protection are likely to safeguard both earnings and brand equity in this evolving threat environment.