Extortion attacks, security skills,
and investments

In addition to the basic costs of a data breach (including loss of business, operational downtime, and potentially lost customers), extortion attacks can also affect breach costs. With the increasing frequency and magnitude of the costs of a breach, security skills and security investments have become significant considerations for management. Cost of extortion attacks In addition to ransomware attacks where data is encrypted and a ransom demanded, other types of extortion attacks include data exfiltration (where data is stolen and the organization may then be extorted) and destructive attacks (where data is deleted and systems are destroyed for the attacker’s own objectives). In 2024, law enforcement involvement after a data breach reduced the average cost of ransomware attacks. However, that was not the case in 2025. Fewer organizations involved law enforcement, but more (63%) refused to pay, versus 59% in 2024.²²Appendix IV provides an excerpt from the #StopRansomware guide by CISA MS-ISAC that summarizes best practices in the event of a ransomware attack. Cybersecurity skills shortage Lack of cybersecurity skills continues to be a challenge. Nearly half (48%) of organizations report a lack of skilled security workers. The average cost of breaches associated with a high-level of skills shortage came in at $5.22 million, compared to $3.65 million for organizations with low-level or no skills shortage.²³Security investments and price increasesThe number of organizations that said they intend to increase their security investments post-breach declined to 49% in 2025 after a 23.5% jump in 2024. The top three areas of investment included threat detection (43%), data security and protection tools (37%), and IR planning and testing (35%). For those planning to make post-breach investments, 45% said they would choose AI-driven solutions.²⁴The number of organizations that said they intend to pass the cost of breaches onto their customers also declined from 63% last year to 45% this year. For those planning to raise prices, the extent of those increases was evenly distributed from 1–5% (34%), to 5–10% (36%), to 15% and above (30%).²⁵

$5.08 million — Average cost of extortion or ransomware attack

40% of ransomware victims involved law enforcement versus 52% in 2024.

63% refused to pay a ransom, up from 59% in 2024.

48% reported a lack of skilled security workers.

$5.22 million — Average cost of a breach with high-level security skills shortage

^Source:^IBM^{Cost of a Data Breach Report 2025}