NetDiligence Cyber Claims Study 2025


The 2025 NetDiligence Cyber Claims Study analyzes over 10,000 cyber claims from 2020-2024, highlighting ransomware and business email compromise as leading causes of loss, with escalating incident costs and ransom demands. Small to medium enterprises (SMEs) represent the majority of claims, while large companies bear a disproportionately high cost impact.

Keypoints

  • The annual cybersecurity report follows a structured format including sections such as Introduction, Key Findings, Data Overview, Incident Costs, Causes of Loss, and Appendices, each addressing statistical analysis, trends, and specific incident types.
  • The report analyzed 10,402 claims from 2020-2024, with 98% of claims from SMEs ( $2B revenue) responsible for 51% of costs.
  • Ransomware and business email compromise together constitute the leading causes of loss, accounting for 50% of claims in SMEs and nearly 55% in 2024, with ransomware ransom demands reaching up to $150M.
  • Large companies experience fewer claims but significantly higher average incident costs and payout amounts, with incidents exceeding $500M recorded.
  • Crisis services costs have increased notably for SMEs, now averaging 47% of total incident costs, driven by forensic and legal guidance expenses.
  • Business interruption and recovery expenses contribute substantially to overall incident costs, particularly in ransomware incidents involving SMEs.
  • Legal costs vary, with some high-impact settlements inflating averages, primarily at large companies, though fewer claims report these expenses compared to SMEs.
  • The number of exposed records has decreased, possibly due to a higher proportion of recordless attacks such as ransomware and BEC, which reduces reliance on per-record metrics.
  • Criminal activities (hacking, ransomware, social engineering, BEC, phishing) dominate incident types, accounting for over 97% of SME claims and 90% at large companies, with higher costs associated with criminal incidents.
  • Self-insured retentions have been rising steadily, especially among large companies, reflecting evolving policy structures and risk sharing.
  • Top causes of loss at SMEs include ransomware, business email compromise, hackers, and wire transfer fraud, representing 72% of claims and 85% of total incident costs.
  • Although ransomware incident counts appear to decrease, this may be due to reporting delays; incident costs and ransom payments continue to escalate significantly.
  • Business email compromise cases increased in 2024 with generally lower incident costs but a broad impact on SMEs, often through email link compromises.
  • Wire transfer fraud losses rose in 2024, with cases involving large thefts such as a $15 million incident, calling for enhanced verification protocols to prevent fraudulent transactions.
  • Incidents caused by staff mistakes and rogue employees have declined, indicating possible improvements in internal controls and employee training.
Source: Awesome Annual Security Reports - The reports in this collection are limited to content which does not require a paid subscription, membership, or service contract. (https://github.com/jacobdjwilson/awesome-annual-security-reports/)
