The Changing Landscape of Cybercrime: Insights from Resilience Cyber Claims Data

Resilience Cyber Claims Data: The New Economics of Cybercrime

In the ever-evolving landscape of cyber threats, 2025 marked a significant turning point in the way cybercriminals operate. According to recent data released by Resilience, a prominent cyber risk company, there has been a notable shift in tactics, driving organizations to reassess their defenses against professionalized cybercrime.

The Shift from Encryption to Data Theft

The data indicates a key trend: more than two-thirds of ransomware attacks in the latter half of 2025 harnessed data theft rather than solely relying on encryption tactics. This change highlights a growing preference among cybercriminals to extract long-term leverage by securing sensitive information rather than merely disrupting operations. Such strategies not only maximize financial gains but also create a complex web of repercussions for affected organizations.

A comprehensive analysis of claims from Resilience’s Cyber Risk Report illustrates this worrying evolution. The increase in data theft attacks signified that hackers were now adept at circumventing overcoming organizations' robust backup protocols, opting instead for more sophisticated infiltration methods.

Rising Stakes and Growing Losses

Throughout 2025, extortion demands that focused on suppressing stolen data surged, representing nearly two-thirds of claims in the latter half of the year. This notable increase enforced the need for organizations to evolve their thinking regarding cyber insurance claims. Data theft, comprising over half of all cyber incidents, underscores the urgent necessity for businesses to revise their cyber strategies to keep pace with malicious actors.

The report indicates that infostealers played a crucial role in this newly formed infringing landscape, harvesting a staggering 2 billion credentials. Adding to this challenge is the increasing sophistication of threat groups, such as Interlock, which utilized stolen cyber insurance data to fine-tune ransom demands. This calculated approach exemplifies a new paradigm in cybercrime focused on meticulous planning and execution.

Vendor Risks and Strategic Planning

Another critical area of concern that emerged from the data is vendor risk, which made up nearly one-fifth of total losses. Cyber actors are increasingly employing password reset manipulations and infiltrating open-source code repositories, potently endangering essential enterprise applications. This shift raises alarms about potential cascading failures across supply chains and industry sectors if vital vendors succumb to such breaches.

The data clearly indicates the urgency for organizations to foster robust contingency plans, monitor vendor security, and engage in proactive measures to protect against these emerging threats.