Published by Wanda Rich
Posted on September 12, 2025
5 min readLast updated: January 19, 2026
Add as preferred source on Google
Global rise in ransomware costs casts a shadow over UK government’s proposed ransomware ban
Global rise in ransomware costs casts a shadow over UK government’s proposed ransomware ban
The financial fallout of ransomware attacks is climbing even as the number of cyber insurance claims falls, according to new data from Resilience, one of the world’s leading cyber risk solutions companies. In the first half of 2025, across Resilience’s portfolio, the average cost of an individual ransomware attack rose by 17%, while the volume of incurred claims dropped by more than half (53%), highlighting the persistent and destructive threat of financially motivated cybercrime.
In the UK, the impact of these global trends is already being felt. Recent high-profile ransomware incidents targeting Harrods, Marks & Spencer, and Jaguar Land Rover show how consumer brands and manufacturers alike are in the crosshairs of cybercriminal groups. Attacks linked to groups such as Scattered Spider have been especially damaging, demonstrating how UK retailers and manufacturers are increasingly singled out for sophisticated extortion campaigns.
By translating trends in the threat landscape into concrete financial consequences, Resilience’s data offers a rare glimpse into the threat landscape as well as the cyber defence strategies with the highest potential ROI. Published today, Resilience’s Midyear 2025 Cyber Risk Report leverages data from the company’s Risk Operations Centre (ROC) and insurance claims portfolio to analyse trends in hacking activity and industry responses in the first half of 2025. Additional report findings include:
“Across the UK and Europe, we are seeing fewer claims but far greater severity. Double extortion, policy harvesting, and crypto-linked fraud are driving higher losses, often during high-stakes events like acquisitions”, says Tom Egglestone, Head of International Claims at Resilience, based in the company’s London office. “The real risk extends beyond internal controls to vendors and financial workflows, which is where defences must now focus. Strengthening those links is critical to reducing the financial fallout we continue to see.”
Cybercriminals are using increasingly sophisticated and profitable extortion tactics, including AI-powered social engineering, double extortion (attacks that demand two separate payments, one for data decryption and another to prevent public data release), and the theft of an organisation’s cyber insurance policy to better benchmark and set higher ransom demands. These new strategies are fuelling a threat landscape where fewer attacks can still cause immense financial damage.
UK businesses are facing the same high-severity tactics seen globally. Attackers have already deployed double-extortion and policy-theft techniques in incidents impacting both retail and automotive firms, showing that no sector is immune. The prominence of Scattered Spider’s recent UK breaches underscores how attackers are exploiting local industries and public sentiment to maximise disruption.
The consequences have extended beyond the companies directly targeted, with supply chains and customer services also disrupted, amplifying the financial and operational impact across the economy. These breaches highlight the stakes of the UK government’s proposed ransomware ban, with critics questioning whether outlawing payments could inadvertently increase the financial fallout for victims.
“Financial incentives are driving cyber criminals to be more clever and creative, and companies are facing larger losses than ever before,” says Vishaal “V8” Hariprasad, Co-Founder and CEO of Resilience. “Cybercrime comes in waves. Attackers exploit a tactic until defenders catch up, then pivot to new weaknesses. Understanding the financial consequences of attacks and the most common points of failure is paramount to stopping that fallout at the root.”
Read the full report here. For more information about Resilience, visit www.cyberresilience.com.
About Resilience
Resilience helps organisations become cyber resilient to material losses by staying ahead of bad actors. Founded by experts from across the highest tiers of the US military and intelligence communities – and built by prominent leaders and innovators from the cybersecurity, technology, and insurance industries – Resilience is the world’s first cyber risk company that offers risk quantification software, cybersecurity experts, and highly rated insurance in integrated solutions purpose-built for large and middle-market organisations.
Resilience is proud to be backed by leading technology investment firms, including General Catalyst, Lightspeed Venture Partners, Intact Ventures, Founders Fund, CRV, and Shield Capital. With headquarters in San Francisco, Resilience is globally dispersed, with teams in New York, Chicago, Los Angeles, Baltimore, Toronto, London, Milan, Madrid, Stockholm, Rotterdam and Dublin. Resilience offers insurance coverage through its licensed and appointed insurance agents and security services through its expert security team. The Resilience Solution is available through all broker partners to clients in the United States, the United Kingdom, Canada, and Europe.
Media Contact: Whitney GlocknerBlack, whitneyglocknerblack@cyberresilience.com
Ransomware is a type of malicious software that encrypts a victim's files, demanding payment for the decryption key. It poses a significant threat to businesses and individuals, often resulting in substantial financial losses.
Cyber insurance is a policy designed to protect businesses from internet-based risks, including data breaches and cyberattacks. It helps cover costs associated with recovery, legal fees, and potential liabilities.
A cyber risk report analyzes the potential threats and vulnerabilities faced by an organization in the digital landscape. It provides insights into the effectiveness of current cybersecurity measures and suggests improvements.
Explore more articles in the Technology category
