Claim frequency rose 7% year-over-year to the highest rate At-Bay has recorded since 2021.

Companies with under $25M in revenue saw a 26% increase in average claim severity, the steepest jump of any segment and part of a three-year upward trend.

Akira, a Ransomware-as-a-Service operation that has run since 2023, drove a 53% increase in ransomware frequency in the second half of 2025.

Akira accounted for more than 40% of all ransomware claims in At-Bay’s portfolio for the full year.

86% of Akira attacks occurred in environments where a SonicWall device was present.

The largest single business interruption claim hit $5M, the policy limit.

Roughly one in 10 ransomware incidents caused downtime exceeding 30 days.

Financial fraud was the most common incident type for the third consecutive year, accounting for 30% of all claims.

The average amount stolen reached $285K, up 16% from the prior year and up significantly from $199K in 2023.

The single largest fraud loss in 2025 hit $9.7M.

Average claim severity climbed to an all-time high of $221K.

Akira ransom demands averaged $1.2M, which is 50% higher than the non-Akira average.

Two-thirds of Akira attacks in 2025 occurred on nights or weekends.

In 2025, one in three ransomware claims triggered business interruption coverage.

Ransomware claims that triggered business interruption coverage averaged $510K in severity, compared to $168K for ransomware claims without business interruption.

Third-party liability claims jumped 70% in 2025.

Dual-extortion ransomware accounted for 70% of all ransomware claims in 2025.

Businesses with more than $100 million in revenue faced a claims frequency five times higher than smaller organizations.

Supply chain-driven cyber claims were up 43%.