Guide

The cost of a data breach: 2025 NetDiligence Cyber Claims Study

Do you know the true cost?

September 25, 2025

Key takeaways

Ransomware and business email compromise were the two leading causes of loss.

Ninety-eight percent of claims in the study come from small to medium enterprises.

Ransoms rose to new and unprecedented levels with demands as high as $150 million.

Understanding the ongoing cybersecurity threats to the middle market

As cybersecurity threats and data security events continue to increase, understanding the costs and resources necessary to respond to a data breach is essential. RSM is a proud sponsor of the fifteenth annual NetDiligence® Cyber Claims Study, a report detailing the actual losses from data breaches and other cyber-related incidents covered by leading cyber insurance carriers.

This year’s report features an analysis of over 10,000 cyber claims arising from events that occurred between 2020 and 2024. Ransomware and business email compromises (BEC) continue to be the two leading causes of loss in the NetDiligence survey. Losses in the top four categories (ransomware, BEC, hackers and wire transfer fraud) accounted for 72% of all claims and 85% of total incident costs during that five-year period for small to medium enterprises.

Almost all the claims in the survey (98%) were from small to medium enterprises with less than $2 billion in annual revenue. While large companies represented only 2% of claims, they accounted for 51% of the total incident costs in the report.

Companies need security hygiene and good control of their identities, multifactor authentication, and reduction of privileged identities. Those things alone will help shrink the attack surface. But there’s always a chance they’re going to get in. So now, what’s your resiliency plan? Do you have one? Have you tested it? Do you have the vendors in place to help you recover?
Alden Hutchison, Principal, RSM US LLP

Bonus content inside the report:

Creating a blueprint for cybersecurity resilience

Companies should establish an effective foundation to strengthen their ongoing cybersecurity efforts. RSM recommends the following five steps:

  1. Double down on fundamental protections
  2. Manage vendors and third parties
  3. Embrace the cloud securely
  4. Stay ahead of emerging threats
  5. Stress incident response and resilience

By shrinking the overall attack surface and establishing a more resilient environment, companies can mitigate current and future risks and limit damage if—or when—an attack occurs.
