Between 2019 and 2023, professional services experienced large losses primarily from ransomware (75.0%), followed by data breaches (14.3%) and other causes (10.7%).

Companies with revenues up to $250M had an average relative frequency of large claims on primary policies of 0.45.

2010–2017: 62.3% of large cyber losses came from other causes, 37.7% came from data breaches, and ransomware caused 0.0% of major losses. At this stage, ransomware claims were rare, and most large claims stemmed from breaches and miscellaneous incidents.

The cumulative DDoS attack volume rose from 110 TB in the first half of 2024 to 438 TB in the first half of 2025. 438 TB is equivalent to over 7 years of uninterrupted Netflix streaming in 4K. It is enough data for more than 1,700 years of uninterrupted audiobook playback.

Average initial ransom demand (based on all cases with ransom demand) in 2022: $21.46 million.

The average duration business operations were affected by ransomware in technology was 57 days.

In 35.7% of data breach cases prior to 2019, the company’s own IT team or outsourced service providers detected the attack.

The average duration business operations were affected by ransomware in other industries was 44 days.

For data breach cases where the attacker was detected by a third-party, it took an average of 136 days to notice the attacker prior 2019.

Financially motivated social engineering, particularly tailored attacks enhanced by AI-powered phishing content, fuelled a disproportionate share of incurred losses (88%).

The average cost of an individual ransomware attack rose by 17% in the first half of 2025.

Between 2019 and 2023, financial services experienced large losses primarily from data breaches (40.9%) and ransomware (40.9%), followed by other causes (18.2%).

Between 2019 and 2023, technology experienced large losses primarily from other causes (38.0%), followed by ransomware (32.0%) and data breaches (30.0%).

Healthcare experienced extortion demands as high as $4 million.

Just over half of organizations have centralized governance processes.

Targeted sectors by DDoS attack in the first half of 2025: Defense (23% - an increase of 14%), retail & e-commerce (18% - an increase of 8%), logistics & transport (15% - an increase of 9%), public sector (11%), education (9%), finance (6%), healthcare (5%), telco (5%), technology, IT, Internet (4%), and other (4%).

Healthcare, retail, and manufacturing remained the most targeted sectors.

The largest single email breach, affecting United Seating and Mobility, exposed over half a million records.

The average healthcare email breach exposed nearly 16,000 individual records in the first half of 2025.

More than 1.6 million patient records were compromised across all analysed email-related healthcare incidents that occurred in the first half of 2025.