Ransomware and Financial Fraud Surge in 2025, Driven by Remote Access Vulnerabilities
The 2026 InsurSec Report from At-Bay, analyzing over 100,000 policy years of claims data, reveals a sharp rise in cyber incidents in 2025, with ransomware and financial fraud leading the surge. Overall claim frequency increased by 7% year-over-year, while average severity hit a record $221,000. Ransomware severity reached $508,000, up 16% from 2024, making it the costliest incident type.
Remote Access Exploits Dominate Ransomware Attacks
Remote access services were the primary entry point for 87% of ransomware claims, up from 80% in 2024. VPN compromises accounted for 73% of intrusions where the vector was identified, a steep rise from 38% in 2023. SonicWall devices were involved in one-third of ransomware claims. Improved email security has shifted attacker focus away from phishing, with no ransomware claims originating from email in 2025.
The Akira ransomware group saw a 364% spike in activity in late 2025, executing attacks within hours or minutes of initial access. Akira’s average ransom demand reached $1.2 million, 50% higher than non-Akira demands, with payments averaging $452,000. Organizations with 24/7 managed detection and response (MDR) monitoring avoided encryption in every Akira case, while two-thirds of attacks occurred outside business hours, exploiting gaps in coverage.
Smaller Businesses Face Growing Threats
Companies under $25 million in revenue experienced the steepest increases, with ransomware frequency rising 21% and severity climbing 40% to $422,000. Manufacturing saw ransomware frequency at 2.2 times the portfolio average, while technology firms faced the highest severity ($875,000), followed by finance ($731,000) and healthcare ($675,000).
Financial Fraud Losses Escalate
Financial fraud remained the most common incident type, comprising 30% of claims for the third consecutive year. Email was the initial vector in 82% of cases, with average stolen funds rising 16% to $285,000. The largest single loss recorded was $9.65 million. Attackers increasingly routed malicious links through trusted cloud platforms like Cloudflare, which appeared in 69% of abused infrastructure alerts. Rapid reporting improved recovery outcomes: funds were returned in 70% of cases reported within three days, dropping to 30% after two weeks. At-Bay recovered $56 million in stolen funds in 2025.
Third-Party Liability Claims Surge
Third-party liability claims rose 70%, the largest increase among tracked incident types. Lawsuits under the California Invasion of Privacy Act (CIPA) accounted for 34% of claims, up from 7% in 2023, expanding beyond Meta Pixel to include tracking tools from LinkedIn and TikTok. Class action lawsuits followed 6% of ransomware incidents and 4% of data breaches, adding defense costs and settlements to initial attack damages. Business interruption coverage was triggered in one-third of ransomware claims, with average severity reaching $510,000, nearly triple that of claims without it. The largest single business interruption payout hit $5 million.
Source: https://www.helpnetsecurity.com/2026/04/23/cyber-insurance-claims-report/
SonicWall cybersecurity rating report: https://www.rankiteo.com/company/sonicwall
"id": "SON1776925440",
"linkid": "sonicwall",
"type": "Vulnerability",
"date": "1/2025",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"