The average ransomware demand soared 70% to $4.24 million last year, while the average payment was up 36% to $682,702. Meanwhile, phishing remains the leading root cause of data-security incidents, accounting for 30%, according to the 12th annual \u201cData Security Incident Response Report\u201d released late Thursday by the law firm BakerHostetler.<\/p>\n
The report, entitled \u201cThe Risk Remains (Mostly) the Same,\u201d draws on information and insights gained in guiding the national law firm\u2019s clients through more than 1,250 data breaches and related security compromises. Health care was the biggest affected industry at 27% of incidents, followed by finance and insurance at 18%, business and professional services at 15%, and the retail, restaurant, and hospitality sectors at 11%.<\/p>\n
The largest ransom demand in 2025, as cited by\u00a0BakerHostetler<\/a><\/strong>\u00a0was $98 million, while the largest paid ransom was $5.65 million, well under a $20-plus million payment in 2024. But the average paid ransom rose by more than a third from 2024\u2019s average of $501,338.<\/p>\n The leading types of compromises cited in BakerHostetler\u2019s client incidents were network intrusions at 47% and business email compromises, 32%. Five other types of compromises all accounted for under 10% each.<\/p>\n While phishing was the root cause of nearly one-third of incidents, the cause of some 19% was unknown. Unpatched vulnerabilities accounted for 10%. At 8% each were social engineering and human error\/unintended recipients.<\/p>\n Meanwhile, it\u2019s no surprise that the rapidly growing adoption of\u00a0artificial intelligence<\/a><\/strong>\u00a0is showing up in data-security incidents. At first, AI seemed mainly to be enhancing the effectiveness of phishing, but now it\u2019s more than that, according to the report\u2019s authors.<\/p>\n \u201cWhen we began analyzing matter data in December 2025, AI\u2019s role in incidents appeared limited,\u201d the report says. \u201cHowever, as we approached our March 2026 publication date, we clearly passed a tipping point. AI is moving beyond serving as just an \u2018enhancer\u2019 for phishing: it is moving toward more sophisticated social engineering support and automation, and we are now seeing the rise of \u2018vibe hacking\u2019 and autonomous coordination between agentic AIs.\u201d<\/p>\n BakerHostetler cites a report from AI developer Anthropic, creator of Claude AI, in which the company disrupted fraudsters using Claude Code to automate reconnaissance, credential harvesting, and network penetration in one month\u2019s time against approximately 17 organizations in multiple industries<\/p>\n Of the 1,250-plus data incidents BakerHostetler handled for clients in 2025, some 68 resulted in one or more lawsuits. Seven incidents involved payment card data, while 59 involved Social Security numbers. Many others involved medical information or health-care organizations<\/p>\n<\/div>\n","protected":false},"excerpt":{"rendered":" Ransomware and Phishing Still Drive Data-Security Incidents, But AI\u2019s Shadow Looms Jim Daly\u00a0March 27, 2026\u00a0E-Commerce,\u00a0Fraud & Security,\u00a0Law and Regulation,\u00a0Mobile Commerce,\u00a0Transaction Processing The average ransomware demand soared 70% to $4.24 million last year, while the average payment was up 36% to $682,702. Meanwhile, phishing remains the leading root cause of data-security incidents, accounting for 30%, according … Continue reading Ransomware and Phishing Still Drive Data-Security Incidents, But AI\u2019s Shadow Looms<\/span> ![\"\"](\"https:\/\/v6r2p5t5.delivery.rocketcdn.me\/wp-content\/uploads\/2026\/03\/fraud-1024x1024.jpg.webp\")
<\/figure>\n<\/div>\n![\"\"](\"https:\/\/v6r2p5t5.delivery.rocketcdn.me\/wp-content\/uploads\/2026\/03\/BH11003-logo_CMYK_FINAL.jpg.webp\"){kind=logo}
<\/figure>\n<\/div>\n