The latest NetDiligence Cyber Claims Study revealed that small to medium enterprises (SMEs) account for the vast majority of claims (98 pecent), with large companies (2 percent of the dataset) accounting for over half of all incident costs due to scale and business complexity.
The provider of cyber risk readiness and response solutions analyzed 10,402 cyber insurance claims from incidents occurring between 2020 and 2024.
“The 2025 report reflects that the repercussions of cyber threats are continuing to evolve,” said Mark Greisiger, president of NetDiligence. “By aggregating and analyzing thousands of actual cyber claims, we’re helping the industry move beyond guesswork and respond to cyber risk with greater clarity.”
The study found “enormous variances in the magnitude of loss data. The smallest claims were less than $1,000; the largest were over $500 million. The number of records exposed ranged from 1 to over 140 million.”
Across all claim sizes, costs related to legal services, crisis response, recovery, and business interruption remained significant. In some cases, business interruption losses alone exceeded $1 million.
The study tallied 4,108 new claims collected in 2025, including 1,691 from 2024 events. Of those, 9,171 claims met the financial analysis threshold of ≥$1,000 in total incident cost.
The dataset contained eight claims valued at more than $100 million, 55 claims valued between $10 million –$99 million, and 432 claims valued between $1 million – $10 million.
Of the eight claims valued at more than $100 million, two occurred at organizations with less than $700 million in annual revenue.
Payouts for all organization sizes covered 32 percent of the total incident cost, according to the analysis.
For SMEs, the five-year payout was 69 percent of the total incident cost, while at large companies, this number was 27 percent.
The SME payout dropped from last year’s report (69 percent vs 81 percent).
For large companies, they remain steady (27 percent vs 24 percent).
The top five causes of loss by number of claims reported were: ransomware, business email compromise, hacker, theft of money, and wire transfer fraud.
Ransomware and business email compromise (BEC) remain the top causes of loss, the study found, with 2,675 claims due to ransomware, 41 percent of which occurred between 2022 and 2024, and 1,864 claims due to business email compromise, 58 percent of which occurred between 2022 and 2024.
The study showed that ransomware incidents at SMEs accounted for 81 percent of claims with a business interruption component.
Recovery and business interruption costs continue to rise, especially for SMEs.
SME average costs for crisis services totaled $152,000 and $264,000 for incidents.
For larger companies, the average costs for crisis services totaled $3 million and $10.3 million for incidents.
The top five affected business sectors at SMEs remain the same as in last year’s report, NetDiligence reported.
They are:
- Professional Services
- Manufacturing
- Healthcare
- Retail
- Financial Services
The five accounted for 47 percent of all claims and 60 percent of all total incident costs at SMEs.
The 2025 study also tracks increasing activity related to third-party incidents, an area that continues to grow in complexity and claims volume.
The number of exposed records has declined, though the reason for this is not known.
This year’s dataset was built with contributions from leading cyber insurers. Organizations analyzed range in size from under $12,000 to over $230 billion in annual revenue. Demographic and financial analyses span sectors, revenue bands, causes of loss, and types of data impacted.
The 2025 study also tracks increasing activity related to third-party incidents, an area that continues to grow in complexity and claims volume.
This year’s dataset was built with contributions from leading cyber insurers.
Organizations analyzed ranged in size from under $12,000 to over $230 billion in annual revenue. Demographic and financial analyses span sectors, revenue bands, causes of loss, and types of data impacted.
“We deeply value the ongoing support of our carrier partners,” said Greisiger, “Their trust and collaboration are what make this level of transparency and education possible.”
The net takeaway is that SME costs are up in almost every category from last year’s study, an increase of almost 30 percent., while overall average incident costs have declined 19 percent for large companies.
Underwriters are encouraged to participate in next year’s NetDiligence study. All participating insurers are encouraged to share a larger percentage of their cyber claims, especially those for companies with more than $2B in annual revenue. As participation in the study expands in these two ways, its findings will be richer and more representative of changing market conditions. Send us your thoughts at cyberclaims@netdiligence.com.