Initial cyber ransom demands grew by 47% in 2025

The initial demands of ransomware attackers grew in value by 47% year-on-year across 2025 to an average of more than £1m, according to new research from cyber insurance firm Coalition.

The data – which comes from the firm’s 2026 Cyber Claims Report, released today (6 March 2026) – also indicated that despite the growth in demands, 86% of targeted companies do not pay out any form of ransom when attacked.

The findings come amid a period of change in the cyber cover landscape. While claims frequency grew by 3% between years, claim severities fell by 19% to an average loss of £87,000.

Of the common cyber related claims, ransomware remains by far the most costly, averaging claims of £202,000. In terms of volume, business email compromise (BEF) and funds transfer fraud (FTT) continue to make up the bulk of incidents, accounting for 58% of notifications.

Turning point

Rob Jones, global head of claims at Coalition, said: “The data suggests a turning point in the economics of ransomware – while threat actors escalate their demands to push for higher, seven-figure payouts, cyber insurer support is helping businesses limit losses and is starting to help tip the scales back in favour of defenders.

“Ultimately, we’re seeing the continuous partnership that active insurance offers between Coalition and our policyholders is reshaping the loss profile of cyber insurance and creating better outcomes.”

Laura Stewart, UK head of claims at Coalition, added: “We saw significant ransomware headlines in the UK in 2025 and an uptick in clients looking to improve their cyber maturity.

“Over 80% of UK policyholders engaged with our coalition control cyber risk management platform in 2025. While 86% of our global policyholders did not pay a ransom demand, in 100% of UK ransomware incidents, we were able to help the clients get back up running and return to normal operations without the payment.”