Coalition has released its 2025 Cyber Claims Report, outlining key trends and data based on policyholder claims activity throughout 2024.
The findings show that while ransomware incidents remained the most financially damaging cyberattack, they stabilized in volume compared to previous years. Most claims filed last year stemmed from business email compromise (BEC) and funds transfer fraud (FTF) incidents.
According to the report, 60% of all cyber claims in 2024 were tied to BEC and FTF, with 29% of BEC cases leading to fraudulent fund transfers. Ransomware accounted for a smaller proportion of incidents but remained a primary driver of high-cost claims.
The average ransomware demand decreased 22% year over year to $1.1 million, with the second half of the year marking the first time in over two years that average demands dropped below $1 million.
Akira ransomware emerged as the most reported variant among Coalition policyholders, responsible for 13% of ransomware claims. Although less frequent, the Black Basta variant resulted in the highest demands, averaging $4 million per claim.
In 2024, ransomware attacks in the United States led to unprecedented financial losses, with the FBI reporting a total cost of $16.6 billion – a 33% increase from the previous year. This surge underscores the growing impact of ransomware on US organizations.
Despite the rise in overall costs, direct payments to ransomware actors saw a significant decline. According to a report from Chainalysis, these payments dropped by 35% in 2024, totaling approximately $814 million, down from $1.25 billion in 2023. This reduction is attributed to enhanced law enforcement actions, improved cybersecurity measures, and stricter cryptocurrency regulations.
The financial sector experienced notable impacts, with recovery costs averaging $2.58 million per incident in 2024, up from $2.23 million in 2023. Ransom demands in this sector varied widely, ranging from $180,000 to $40 million, with an average demand of $6.9 million. Additionally, the sector faced significant downtime costs, estimated at $32.3 billion since 2018.
Robert Jones, head of global claims at Coalition, said the company’s active insurance model helped reduce claim costs and the overall number of incidents requiring policyholder payouts. He noted that 56% of claims reported to Coalition in 2024 were resolved without any out-of-pocket expense to the insured.
Despite the stabilization in overall cyber claims, Jones said that ransomware remains a serious concern. He cited a spike in activity during March 2025, which saw the highest volume of public ransomware cases to date. He added that Coalition’s approach includes real-time alerts to policyholders on vulnerabilities and security risks, aimed at mitigating attack impact.
Additional data from the report showed a 7% year-over-year decline in overall claims frequency, while severity held steady. Ransomware claim frequency dropped 3%, and severity declined 7%. BEC claims saw a 23% increase in severity, whereas FTF claims fell 2% in frequency and 46% in severity, following a record-high impact in 2023.
The report also noted that 44% of ransomware-affected policyholders chose to pay the ransom when deemed necessary. Coalition Incident Response (CIR) teams were able to negotiate average reductions in ransom demands of 60%.
Coalition concluded that its policyholders experienced 73% fewer claims than the industry average in 2024, based on internal and comparative industry data.