Business interruption costs growing
Business interruption costs stemming from ransomware attacks, data breaches, and other cyber events remain. In 2025, for example, costs from lost business and post-breach response following a data breach averaged $4.44 million, according to IBM — 9% less than in 2024, but still a sizable number. (See Figure 2.)
Even as ransomware attackers increasingly pursue double and triple extortion schemes, business interruption accounts for 51% of all ransomware-related losses, according to Munich Re, and the mean cost to recover from a ransomware attack is $1.53 million in 2025, according to Sophos. One bright spot for businesses in 2025: More companies have been able to recover in one week or less, according to Sophos. (See Figure 3.)
Recent events have demonstrated how vulnerable organizations are to disruptions involving third parties upon which they depend. “One of the most pressing cyber risks lies in the vulnerabilities of supply chains, which have been identified by criminals and state-sponsored actors alike as the ‘Achilles' heel’ of economies and social infrastructure,” Munich Re said. “Digital bottlenecks will continue to pose major risks from software compromise, managed service provider compromise or single service disruption – to name just a few but very common supply chain risks.”
For guidance on how to take a proactive approach to cyber business interruption, explore Lockton and J.S. Held’s Cyber Business Interruption Playbook.
The July 2024 CrowdStrike outage, for example, was among the largest IT disruptions in history, knocking 8.5 million Windows devices offline, Microsoft said. In litigation filed against CrowdStrike in October, Delta Airlines said the outage prompted the cancellation of 7,000 flights, affecting more than 1 million passengers and resulting in a loss of more than $500 million.
Similarly, the February 2024 ransomware attack against Change Healthcare, a leading payment processing vendor for healthcare providers, resulted in widespread outages across the industry, in addition to direct losses suffered by the company’s parent, UnitedHealth. And the June 2024 attack against auto retail technology provider CDK Global disrupted operations for some 15,000 dealers in the U.S. and Canada.
