What's Happening?
Insurance experts have highlighted a significant increase in extortion-only attacks, urging organizations to better manage their exposure and consequences. According to a report by insurer Resilience, 65% of extortion-related claims in the latter half of 2025 did not involve data encryption, a rise from 49% earlier in the year. By the end of 2025, data theft, either alone or combined with encryption, accounted for 87% of ransomware claims. The report also noted that 30-40% of policyholders who paid to prevent data leaks failed to achieve their goal. The findings suggest that paying ransoms often marks organizations for future attacks, as paying for data suppression is unreliable. Experts recommend shifting focus from recovery to prevention, using data loss prevention technology, and employing zero trust architectures to mitigate risks.
Why It's Important?
The rise in extortion-only attacks poses a significant threat to organizations, as traditional recovery methods like paying for decryption keys are becoming less effective. This shift in tactics by cybercriminals highlights the need for organizations to adopt more robust preventive measures. The financial and reputational risks associated with data breaches and extortion demands can be substantial, affecting not only the targeted organizations but also their stakeholders, including customers and partners. As data theft becomes a more attractive tactic for threat actors, organizations must enhance their cybersecurity strategies to protect sensitive information and reduce the likelihood of falling victim to such attacks.
What's Next?
Organizations are advised to develop a comprehensive decision framework for handling extortion demands, including engaging legal counsel and incident response teams. They should also conduct tabletop exercises to prepare for potential ransom scenarios, ensuring that leadership is not making critical decisions under pressure for the first time. Additionally, organizations should focus on tracking the long-term financial impacts of extortion incidents, such as regulatory fines and reputational damage, to better understand the true cost of these attacks. By prioritizing prevention and preparedness, organizations can improve their resilience against the growing threat of extortion-only attacks.













