New claims data from Resilience’s 2025 Cyber Risk Report shows a rise in data theft–driven extortion, credential harvesting and losses tied to third-party vendor breaches.
New claims data from Resilience reveals changes in the nature and economics of cybercrime, with patterns pointing to more calculated and professional attacks across industries. The analysis comes from Resilience’s 2025 Cyber Risk Report, which examines claims trends and threat activity captured in the company’s insurance portfolio and Risk Operations Center (ROC) data.
According to the report, extortion demands tied to stolen data evolved over the year. In the first half of 2025 extortion claims linked to data suppression made up less than half of all extortion claims at 49 percent, but by the second half those accounted for nearly two thirds at 65 percent. Across the full year, attacks focused solely on data theft made up more than half of all incidents at 57 percent.
The report notes that infostealer malware collected more than 2 billion credentials during 2025 and was often present in victim networks before subsequent ransomware incidents occurred. Resilience highlighted this trend as a critical early warning signal that could indicate credential harvesting and possible follow-on attacks.
Resilience also found that some threat groups sourced cyber insurance policies from victim organizations during breaches. Attackers used this information to calibrate ransom demands to maximize payout amounts while staying just below coverage limits.
Vendor risk emerged as the second-highest loss category in Resilience’s claims portfolio, accounting for nearly 18 percent of total losses. Threat actors successfully executed password reset attacks and increased infiltration of open-source code repositories, which serve as core components of enterprise software. The breaches raised concerns about cascading disruption following the compromise of key vendors.
Taken together, the data points to a “new reality” in which cyberattacks extend beyond immediate disruption and cause long-term loss as threat actors adjust tactics to bypass defenses such as robust backup systems.
Resilience’s report recommends that organizations strengthen their cyber defenses through investments in data loss prevention tools, zero-trust architecture, credential monitoring, vendor contingency planning and comprehensive insurance coverage that reflects the severity of 2025 cyber risk levels.
The company said its 2025 Cyber Risk Report is based on ROC data and claims information from its insurance portfolio.
For more details, Resilience directed readers to register to access the full report.