Joy Agwunobi
A newly released report by Coalition, a cyber insurance provider, has highlighted a notable shift in the cyber threat landscape, with Business Email Compromise (BEC) and Funds Transfer Fraud (FTF) accounting for a combined 60 per cent of cyber insurance claims in 2024.
The findings are contained in its report titled “2025 Cyber Claims Report,” which analyses cyber claim trends based on policyholder activity over the past year.
According to the report, while ransomware attacks continued to be the most financially damaging form of cyberattack, their overall frequency plateaued in 2024. In contrast, incidents involving compromised business emails and fraudulent fund transfers emerged as the leading drivers of cyber insurance claims. Notably, 29 per cent of BEC-related cases led directly to successful fraudulent fund transfers.
Coalition, which brands itself as the world’s first Active Insurance provider, said its data-driven approach to cyber risk mitigation helped many clients resolve incidents with minimal financial impact. The company combines real-time data insights through its proprietary Active Data Graph with embedded security tools to identify and pre-empt threats.
“Over the past year, our claims data clearly demonstrates one thing: Active Insurance works,” said Robert Jones, head of Global Claims at Coalition. “Through a combination of data intelligence, proactive alerts, and rapid incident response, we were able to resolve 56 per cent of reported cases without requiring policyholders to make any out-of-pocket payments.”
The report further noted that though ransomware was less prevalent in terms of overall incidents, it remained the costliest type of attack for affected organisations. However, there were signs of positive movement; average ransom demands dropped 22 per cent year-on-year to $1.1 million. For the first time in over two years, the latter half of 2024 saw average ransomware demands dip below $1 million.
Among ransomware variants, Akira emerged as the most commonly reported by Coalition’s policyholders, accounting for 13 per cent of ransomware claims. Meanwhile, the Black Basta variant, though responsible for only 3 per cent of cases, had the highest average demand at a staggering $4 million.
Coalition’s incident response team was also able to negotiate ransom demands down by an average of 60 per cent, and in cases where payment was deemed necessary, 44 per cent of affected policyholders proceed with payment under carefully managed circumstances.
The report noted a 23 per cent rise in the severity of BEC-related claims, signaling that while the number of incidents may not be increasing rapidly, their financial and operational consequences are becoming more serious. On the other hand, the severity of FTF claims dropped significantly by 46 per cent year-on-year — a decline attributed to the unusually high losses recorded in 2023.
Although total claims frequency declined by 7 per cent year-over-year in 2024, the overall severity of cyber incidents remained consistent, underscoring the continued need for heightened vigilance among businesses.
While the data pointed to relative stability last year, the report noted a resurgence in ransomware activity in early 2025. “Unfortunately, ransomware is already back with a vengeance in 2025, with March recording the highest volume of publicly disclosed ransomware attacks on record,” the report warned.
In response, Coalition continues to act as a strategic partner for its policyholders, delivering alerts about system vulnerabilities, highlighting risky practices, and offering guidance on mitigation strategies to reduce the impact of future cyber threats.
Coalition’s report draws insights from its global policyholder base across the United States, Canada, the United Kingdom, and Australia. Compared to the broader industry, Coalition policyholders reported 73 per cent fewer claims, a testament to the insurer’s preemptive and data-centric model.
“While the nature of cyber threats continues to evolve, the key to effective risk management lies in staying ahead through data, awareness, and timely response,” Jones concluded.
