Cyber Resilience Redefined: Why Today’s Biggest Threat Isn’t Disruption — It’s Long-Tail Losses

Cyberattacks aren’t just about shutting you down anymore — they’re engineered to linger, quietly inflicting damage long after the headlines fade.

Today’s attacks are deliberately designed to cause lasting financial strain, regulatory fallout, and reputational harm that haunt organizations long after the initial breach is contained, according to a new portfolio study by Resilience, a leading cyber risk solutions provider.

In its 2025 Cyber Risk Report, Resilience reveals a decisive shift in the threat landscape: attackers are moving beyond ransomware schemes that simply lock up data and are now focusing on pure extortion—stealing sensitive information and leveraging it for maximum pressure and payout.

 
“[It] is the multi-year legal, regulatory, and reputational ‘tail’ that follows a data exposure event,” the report said. “As the business of cybercrime reaches higher maturity levels, the real risk comes not just from disruption—but duration.”

Resilience found that data-theft-only attacks surged from 49% of extortion claims in the first half of last year to 65% in the second half—a sharp escalation in just six months. The company says this marks a clear strategic pivot: instead of encrypting systems, attackers are stealing highly sensitive data, threatening to expose it publicly, and using that leverage to demand payment.

That tactic undercuts one of the most trusted safeguards in cybersecurity: backups. According to Resilience, backups are largely “ineffective against the primary threat: reputational and regulatory damage from data exposure.”

The report also highlights a troubling pattern: in some cases, an insured organization pays a threat actor to keep stolen data private, only to be hit later with class-action lawsuits once affected individuals are formally notified of the breach.

And even then, there’s no assurance the attackers won’t turn around and sell the very data they were paid to keep quiet—leaving victims exposed all over again.

Resilience predicts that extortion-only attacks could account for the majority of extortion incidents by the end of 2026—a stark warning for organizations still relying on yesterday’s playbook.

The insurer argues it’s time for a fundamental shift: move beyond recovery-focused strategies and double down on prevention, including robust data loss prevention, zero-trust architecture, encryption at rest, and strict identity containment to stop attackers before they gain leverage.

“Cyber risk is constantly changing,” Vishaal “V8” Hariprasad, co-founder and CEO of Resilience, said in a press release. “As cybercriminals shift their tactics, a new reality is setting in: the real risk is about more than a security incident’s immediate disruption, it’s about the long-tail aftershocks that follow.”

In the report, Resilience urged organizations to “prepare for the reality that successful attacks, driven by the shift from operational disruption to reputational and regulatory exposure, now carry substantially higher financial severity than in previous years.”

Resilience Portfolio Impact

Scattered Spider, a hacking collective known for targeting major corporations, grabbed industry headlines last summer with a wave of cross-industry attacks. Its campaign against U.K. retailers in particular sent shockwaves through the market—and the impact was clearly reflected in Resilience’s data.

The insurer reported that retail, which had recorded virtually no material losses in its portfolio in 2024, suddenly surged into the top three sectors for cyber losses, with average severity climbing to $2.6 million.

Within Resilience’s portfolio, manufacturing continued to generate the highest total losses—although average claim severity fell by roughly 29% year over year. Health care, meanwhile, remained the most severe sector in terms of per-incident impact.

Together with retail, these three industries accounted for a striking 68% of all portfolio losses, underscoring just how concentrated—and costly—the cyber risk landscape has become.