Average initial ransom demand (based on all cases with ransom demand) in 2020: $11.25 million.

Between 2019 and 2023, technology experienced large losses primarily from other causes (38.0%), followed by ransomware (32.0%) and data breaches (30.0%).

In 2023, organizations took an average of 32 days to restore operations after a ransomware attack.

In 2019, victims paid on average 56.9% of the initial ransom demand.

Between 2019 and 2023, financial services experienced large losses primarily from data breaches (40.9%) and ransomware (40.9%), followed by other causes (18.2%).

Before 2023, 62.8% of backups were affected by ransomware.

In 2020, victims paid on average 37.4% of the initial ransom demand.

In 49.2% of large ransomware claims, attackers gained access by exploiting system vulnerabilities.

Average initial ransom demand (based on all cases with ransom demand) in 2023: $32.25 million.

In 24.6% of large ransomware claims, attackers used phishing to infiltrate systems.

Between 2019 and 2023, manufacturing experienced large losses primarily from ransomware (86.7%), followed by other causes (10.0%) and data breaches (3.3%).

In 2022, victims paid on average 42.0% of the initial ransom demand.

Average initial ransom demand (based on all cases with ransom demand) in 2019: $7.77 million.

The average duration business operations were affected by ransomware in retail was 32 days.

Before 2023, 37.2% of backups were not affected by ransomware.

In 2020, organizations took an average of 54 days to restore operations after a ransomware attack.

2020: 27.3% of large losses came from other causes, 29.2% from data breaches, and 43.4% from ransomware. Ransomware remained a dominant source of costly claims.

The average duration business operations were affected by ransomware in financial services was 33 days.

The average duration business operations were affected by ransomware in manufacturing was 62 days.

The average cost of an individual ransomware attack rose by 17% in the first half of 2025.