Cybersecurity insurance provider Coalition recently released its 2025 Cyber Claims Report, exploring the cyber threat landscape throughout 2024. The report details trends including a 7% decrease in overall claims frequency among Coalition policyholders, a 3% decrease in ransomware claims frequency, a 7% decrease in ransomware claims severity, and a plateau in overall claims severity. While many of the statistics outlined here are improvements over previous years, some should be cause for concern, such as a 23% increase in business email compromise (BEC) claims severity.
Email Compromise and Fraud Take Center Stage
According to the report, BEC and funds transfer fraud (FTF) accounted for 60% of total claims in 2024, with nearly 30% of BEC incidents escalating to FTF. This represents a 2% decrease in claims frequency and a 46% decrease in claims severity for FTF, down from its 2023 peak of $340,000. This decline is partially thanks to quicker reporting and response, limiting the damage that these events can do. On the other hand, the 23% increase in BEC claims severity is likely due to increased costs of mitigation and recovery from these events.
“While BEC claims cost businesses $35,000 on average, nearly a third of BEC incidents lead to FTF with a higher claims price tag of $106,000 on average,” says Chris Hendricks, Head of Coalition Incident Response. “Our research also found that phishing—by far the most common vector for BEC incidents—is also the third-most common initial access vector for ransomware, where the average loss last year was $292,000.” These statistics demonstrate that phishing protection is essential for defending against a wide range of attacks.
Ransomware Is Down—But Far From Out
Ransomware trends in the Cyber Claims Report show overall decreases both in severity and in frequency, but not in large amounts. Ransomware remains a significant part of the threat landscape, and the report highlights the most harmful ransomware variants and ransom demand trends.
The Akira and Black Basta ransomware families are both mentioned as significant players in ransomware trends. Akira was the top variant, comprising 13% of ransomware claims. Black Basta, despite making up only 3% of all ransomware claims, was the group with the highest ransom demands, averaging $4 million. Of the Coalition policyholders who were hit by ransomware in the previous year, 44% chose to pay the ransom, and Coalition negotiated an average of 60% reduced ransomware payments.
Active Insurance in Action: A Model that Works
One of the main takeaways from the statistics and analysis of the report is that an active insurance model like Coalition’s is effective at mitigating the myriad risks of cyber threats today. Cyber insurance with proactive protection enables organizations to manage risks and remediate any potential security incidents with fewer long-term losses.
Coalition policyholders saw 73% fewer claims than the industry average, with over 32,000 security issues proactively resolved. Coalition was able to claw back $31 million for policyholders, recovering an average of $278,000 for each FTF incident. The faster reporting of FTF events makes for lower retentions, helping clients remediate these incidents with fewer long-term losses.
Looking Ahead: A Growing Storm
It is important for organizations to use statistics on threat trends to shape their security strategies moving forward. March 2025 set a record for ransomware case volume, highlighting the pressing need for proactive protection against ransomware attacks, including advanced tools for rapid detection and response. The costs of recovery services and incident mitigation make it more difficult for organizations to remediate security incidents, driving surges in incident severity. The need for active insurance and policyholder engagement is at an all-time high.
