Majority of 2024 Cyber Insurance Claims Stemmed from Business Email Compromise or Funds Transfer Fraud
Coalition, the world’s first Active Insurance provider designed to prevent digital risk before it strikes, today published its 2025 Cyber Claims Report, which details emerging cyber trends and their impact on Coalition policyholders throughout the full year of 2024. The report found that ransomware claims stabilized in 2024 despite remaining the most costly and disruptive type of cyberattack. The majority of 2024 claims (60%) originated from business email compromise (BEC) and funds transfer fraud (FTF) incidents, with 29% of BEC events resulting in FTF.
“Over the past year, our claims data clearly demonstrates one thing: Active Insurance works,” said Robert Jones, Head of Global Claims at Coalition. “Combining Coalition’s Active Data Graph, which provides a massive amount of data insights, with security tools and incident response, helps Coalition prevent claims from happening in the first place. And, when matters were reported to Coalition, 56% were handled without any out-of-pocket payments by the policyholder. We believe that this proactive engagement is a critical aspect of reducing global cyber risk.”
Ransom demands from threat actors decreased in 2024, dropping 22% year-over-year (YoY) to an average of $1.1 million. Notably, the average demand in the latter half of 2024 fell below $1 million for the first time in more than two years. Of all ransomware claims, Akira ransomware was the most prolific variant for Coalition policyholders, accounting for 13% of claims in 2024. The Black Basta variant accounted for just 3% of all ransomware claims, but was the highest in terms of demand, with an average of $4 million.
“While overall claims have stabilized, cyber attackers, and ransomware actors in particular, still pose a tremendous threat to businesses, with the average demand still in the millions of dollars. Unfortunately, ransomware is already back with a vengeance in 2025, as March held the highest volume of public ransomware cases of all time,” continued Jones. “Coalition continues to be an active partner in the fight against bad actors. We alert our policyholders to vulnerabilities in their networks, risky security practices, and the best ways to mitigate threats to reduce the impacts of cyber attacks.”
In 2024, Coalition’s cooperative efforts with authorities and panel partners contributed to the successful clawback of $31 million for policyholders, with an average recovery of $278,000. Coalition has firsthand knowledge that policyholders that quickly report FTF events have a greater likelihood of recovery. Last month, Coalition introduced a new financial incentive in its Active Cyber Policy1. Clients can receive lower retentions when they report FTF incidents within 72 hours of the initial fraudulent transfer, encouraging prompt action to improve the odds of recovery.
Other key findings from the report include:
- As claims frequency decreased by 7% YoY, claims severity remained stable.
- Ransomware claims frequency decreased by 3% and severity decreased by 7% YoY.
- BEC claims severity increased by 23%.
- FTF claims frequency decreased by 2% and severity decreased by 46% YoY. The sharp decline in severity follows the all-time high in 2023.
- When deemed reasonable and necessary, 44% of policyholders that experienced a ransomware incident opted to pay the ransom. Coalition Incident Response (CIR) was able to negotiate ransom payments down1 by an average of 60%.
- Coalition policyholders experienced 73%2 fewer claims than the industry average.
This report presents statistics, charts, and risk insights derived from data collected from Coalition policyholders in the United States, Canada, the United Kingdom, and Australia.
Download the full 2025 Cyber Claims Report from Coalition to learn more: https://web.coalitioninc.com/download-2025-cyber-claims-report.html.
| __________________ |
| 1 Applies to all non-admitted surplus lines new business and renewal quotes in the United States on or after April 15, 2025. Exclusions and limitations apply. See disclaimers and policy as issued. |
| 2 Ransomware negotiation data based on cases handled by Coalition Incident Response, Inc. a wholly-owned affiliate firm of Coalition, Inc. made available to all policyholders as an option via incident response firm panel selection. |
| 3 Industry average based on data reported by US insurers to the National Association of Insurance Commissioners (NAIC). Comparison performed using 2023 claims frequency data from Coalition and NAIC. Claims frequency is calculated using the number of standalone cyber claims reported by the NAIC, divided by the average of standalone cyber policies in force at the current and prior year-ends. |
Explore AITechPark for the latest advancements in AI, IOT, Cybersecurity, AITech News, and insightful updates from industry experts!