Cyber insurance claims are rising fast, with ransomware and business email compromise (BEC) driving record losses. NetDiligence’s 2025 Cyber Claims Study, based on 10,402 claims between 2020 and 2024, highlights how costs and downtime are hitting businesses harder than ever.
The report paints a stark picture: small and medium enterprises (SMEs) face surging recovery and business interruption expenses, while large enterprises see billion-dollar-scale disruptions.
“In short, incidents were more costly than ever.”
NetDiligence’s 2025 Cyber Claims Study
Key Takeaways at a Glance
10,402 total cyber insurance claims analyzed
Ransomware and BEC remain the top causes of loss
SMEs accounted for 98% of claims but only 49% of costs
Large enterprises made up 2% of claims but 51% of costs
Business interruption losses topped $26M at large firms
Ransom demands reached $150M, with payouts up to $75M
“These findings reinforce the need for organizations of all sizes to not only invest in cyber defenses but also to maintain a clear, actionable response plan they can rely on when incidents occur,” said Mark Greisiger, President & CEO, NetDiligence
SMEs Carry the Weight of Volume
SMEs submitted nearly all cyber insurance claims in the study. The report states: “98% of claims ($2.4B in total) [came] from small to medium enterprises with less than $2 billion in annual revenue.”
Average incident costs for SMEs surged to $264K, up nearly 30% from last year’s report. Business interruption was especially punishing. Claims with downtime averaged $1.8M in total incident cost.
Ransomware dominated SME losses. “Ransomware and business email compromise accounted for 50% of claims ≥$1K in the five-year period 2020–2024, and nearly 55% in 2024.”
Large companies filed far fewer claims, yet their losses dwarfed SMEs. Just 2% of claims represented 51% of total incident costs.
The scale is staggering. The average incident cost at large enterprises was $10.3M. In cases with business interruption, that number spiked to $36.1M, including $26M in downtime costs alone.
The report noted eight incidents above $100M. One large company faced a $500M cyber event in 2021.
Ransomware Escalates
Ransomware remains the single greatest driver of loss. “Ransoms rose to new and unprecedented levels, with initial demands as high as $150M and ransoms paid as high as $75M.”
The impact ripples beyond the ransom itself. Recovery costs ballooned, especially for SMEs. The study found that ransomware incidents with recovery expenses averaged $961K, nearly 400% higher than incidents without them.
Business Email Compromise Surges
Business email compromise continues to plague organizations. NetDiligence tracked 1,864 claims due to BEC. In 2024 alone, claims spiked to 468, though average cost remained modest at $75K.
Experts warned that simple mistakes remain the root cause. One analyst noted, “84% of those cases involved someone clicking an email link.”
Legal and Crisis Costs Climb
Crisis services and legal fees are also rising. At SMEs, legal costs ranged widely, with some incidents topping $2.6M in damages and settlements.
Crisis response, including forensics, notification, and PR, consumed nearly half of all SME incident costs. For large companies, crisis services sometimes exceeded $22M.
The Insurance Angle
Payout ratios reveal stark differences. SMEs recovered 69% of their incident costs from insurers, down from 81% in last year’s study. Large companies recovered only 27%.
This gap underscores the need for better underwriting, higher self-insured retentions, and stronger resilience planning.
Get The Cyber Insurance Upload Delivered Subscribe to our newsletter!
What It Means
The report’s central message is blunt: “In short, incidents were more costly than ever.”
Cyber insurance claims are no longer isolated financial hiccups. They are existential threats that disrupt operations, drain resources, and test resilience strategies across industries.
The 2025 Cyber Claims Study analyzed 10,402 claims from incidents between 2020 and 2024. Researchers included only claims with at least $1,000 in reported incident cost to ensure consistency. The dataset was built with input from major cyber insurers and spanned multiple sectors, company sizes, and causes of loss. NetDiligence also collected updated and previously unreported claims in early 2025, including 1,691 new claims from 2024.
Martin Hinton is the Executive Editor and Publisher of Cyber Insurance News and Information. With over three decades of journalism experience across six continents, his work encompasses investigative reporting, documentaries, and coverage of cultural, political, and business news. To learn more about his career, click on his name to visit his LinkedIn page.
