Ransomware, vendor outages, and AI attacks are hitting harder in 2025

Ransomware, third-party disruptions, and the rise of AI-powered attacks are reshaping the cyber risk landscape in 2025. A new midyear analysis from Resilience shows how these forces are playing out in real-world incidents and how they are changing the financial impact of attacks on organizations across sectors.

The report, based on cyber insurance claims, offers a view into which attacks are hitting hardest and where vulnerabilities are emerging. For CISOs, the findings highlight where defenses may be falling short and which trends are likely to shape the rest of the year.

Vendor-related risk remains a top concern

The biggest shift in the past year has been the surge in vendor-related incidents. In 2024, business interruption caused by vendor outages accounted for 22% of total losses in Resilience’s portfolio. While that figure dropped slightly to 15% in the first half of 2025, vendor incidents still make up a significant share of claims.

The analysis points to high-profile examples, including attacks on CDK Global and Change Healthcare, which disrupted operations across entire industries. These events show how a single point of failure can ripple through interconnected supply chains, impacting organizations that were not directly targeted.

Judson Dressler, Director of the Risk Operations Center at Resilience, told Help Net Security that CISOs need to think about vendor monitoring as a dynamic process rather than a one-time assessment. “The foundation of vendor risk management is continuous awareness of threats and vulnerabilities affecting vendors, then translating those signals into financial projections—i.e., what it would actually cost the company should the vendor experience a security incident or business disruption,” Dressler said.

“CISOs can use those business-friendly insights to advocate for proactive adjustments to vendor relationships or shore up single points of failure that help protect against future fallout. Other specific, strategic investments for vendor resilience include advanced threat detection for AI-powered social engineering, insider threat monitoring through behavioral analysis, and supply chain security requiring Zero Trust practices from all vendors,” he added.

AI is changing social engineering attacks

Attackers are using AI to improve the success rate of phishing and impersonation schemes. According to the analysis, social engineering accounted for 57% of incurred claims and 60% of total losses in the first half of 2025.

AI-generated phishing campaigns are harder to detect than traditional ones. They are also spreading beyond email into browser-based attacks and even phone calls using voice synthesis. These tactics have been used to bypass multi-factor authentication and trick IT helpdesks into granting access to sensitive systems.

This shift has created new challenges for defenders. Even organizations with regular training and strong policies are struggling to keep up as the quality of fraudulent messages improves.

Dressler explained that while AI is amplifying these threats, the solutions still rely on core practices. “It’s important to remember that at this point, AI is making traditional social engineering more effective,” he said. “This means that doubling down on fundamentals for mitigating social engineering attacks can make a big difference. Red-teaming identifies gaps in your team’s ability to detect and respond to AI-powered fraud, and building behavioral baselines into anomaly detection software helps it flag only legitimately suspicious activity. Most important is prioritizing extra verification and protections for your highest-value assets so a single phishing scam slipping through doesn’t wreak havoc across the entire organization.”

Ransomware attacks are fewer but more damaging

Ransomware remains the most expensive type of cyber incident. While overall claims fell by 53% in the first half of 2025 compared to the same period in 2024, the cost of individual ransomware incidents rose. The average ransomware claim so far this year is $1.18 million, up 17% from 2024.

The analysis highlights a trend toward double extortion, where attackers demand payment to unlock systems and to prevent stolen data from being released. Some reports have even described cases of triple extortion, though Resilience did not see that in its data for the first half of the year.

A key finding is that most organizations hit by ransomware did not pay. Only 14% of ransomware claims involved a known extortion payment in early 2025, down from 22% last year. Companies with strong backups and tested recovery plans were far less likely to pay attackers.



About Cybernoz

Security researcher and threat analyst with expertise in malware analysis and incident response.