Full Report
Two firms recently told DataBreaches that about 30% or more of their clients pay ransom after a cyberattack. But you may get a different impression from other findings. The Actuary reports: Initial ransom demands by cyber attackers surged by 47% last year but record numbers of businesses declined to pay up, according to a specialist...
Analysis Summary
# Industry News: Surge in Ransom Demands Met by Record Refusals in 2025
## Summary
A landmark 2026 cyber claims report from Coalition Insurance reveals that while initial ransom demands increased by 47% in 2025, a vast majority of businesses (86%) refused to pay. This trend suggests a significant shift in corporate resilience and a stiffening of corporate policy against cyber extortion despite the rising financial stakes.
## Key Details
- **Date:** Reported April 9, 2026
- **Companies Involved:** Coalition Insurance (Specialist Cyber Insurer)
- **Category:** Market Analysis / Trend Report
## The Story
According to Coalition’s analysis of over 100,000 policyholders across the US, UK, Canada, Germany, and Australia, the ransomware landscape in 2025 was characterized by aggressive extortion tactics met with unprecedented resistance. The average loss for a ransomware attack hit approximately £202,000, and demand amounts surged by nearly half compared to the previous year.
However, the headline figure states that 86% of affected firms did not pay the ransom. This shift is attributed to improved incident response (IR) plans and the maintenance of viable, offline data backups. The report also highlighted that ransomware is no longer the only dominant threat; Business Email Compromise (BEC) and Funds Transfer Fraud (FTF) now account for 58% of all reported insurance incidents.
It is important to note the methodology: Coalition narrowed its analysis to roughly 1,400 "high-signal" claims where financial loss was confirmed, filtering out minor technical anomalies or abandoned inquiries to ensure the data reflected impactful business events.
## Business Impact
### For the Companies Involved
- **Coalition Insurance:** Positions itself as a data-driven leader in cyber-risk, using these findings to refine underwriting and encourage policyholders toward better hygiene.
- **Victimized Firms:** Those opting not to pay avoid the legal and ethical complexities of funding criminal enterprises but face the high costs of manual recovery and potential data leaks.
### For Competitors
- **Insurers:** Other cyber insurers must now benchmark their own claims data against these figures. If their "pay rates" are higher, it may indicate a need for more robust pre-breach risk engineering services.
- **Ransomware-as-a-Service (RaaS) Groups:** Criminal organizations are facing a "lower conversion rate," which may lead to even more aggressive double-extortion tactics or shifts toward encryption-less data theft.
### For Customers
- **Supply Chain Trust:** Increased resilience means businesses are less likely to stay "down" for weeks, lowering the cascading impact on their customers.
- **Price Stability:** If insurance payouts for ransoms decrease, it may eventually lead to a stabilization of cyber insurance premiums.
### For the Market
- **Market Sentiment:** There is a growing consensus that "paying doesn't pay." This is maturing the market from a reactive stance to a "resilience-first" mindset.
## Technical Implications
The data implies technical success in two areas:
1. **Immutable Backups:** The high refusal rate suggests companies have successfully deployed backup architectures that ransomware cannot easily reach or delete.
2. **Detection Velocity:** BEC/FTF represent 58% of incidents; that high frequency suggests they are easier to execute but perhaps more difficult to detect than high-impact, "noisy" ransomware.
## Strategic Analysis
- **Market Positioning:** Coalition is leveraging transparency to demonstrate that "Cyber Insurance" is as much about risk mitigation and recovery as it is about financial payout.
- **Competitive Advantage:** Firms with documented, tested recovery plans are increasingly viewed as lower risks, potentially gaining better coverage terms.
- **Challenges:** The data may be skewed by "survivorship bias." Smaller firms that pay privately or companies that fear losing coverage might not report their payments, meaning the 86% refusal rate could be overly optimistic.
## Industry Reactions
- **Analyst Opinions:** Analysts note that the 47% surge in ransom demands is a desperate "volume play" by attackers to compensate for the fact that fewer victims are paying.
- **Expert Commentary:** Some experts (via DataBreaches.net) warn that "zero pay" policies can lead to sensitive data being leaked on the dark web, shifting the cost from "recovery" to "long-term litigation and reputation management."
## Future Outlook
- **The "Extortion Pivot":** Watch for attackers to move away from encryption (which backups can solve) toward pure data-exfiltration extortion.
- **Policy Changes:** Expect more insurers to mandate "minimum security standards" (like MFA and offline backups) as a prerequisite for even applying for a policy.
## For Security Professionals
Practitioners should use this data to justify budget increases for **Backups and Incident Response**. The report validates that high resilience is the most effective lever in lowering the ultimate cost of a breach. Furthermore, the 58% share of incidents attributed to BEC/FTF suggests that security teams must focus as much on identity management and "human-layer" security as they do on perimeter defense.