Ransomware claims remained the most financially damaging cyber threat, despite a stabilisation in their frequency in 2024. The finding is part of cyber insurer Coalition’s 2025 Cyber Claims Report, based on data from the company’s policyholders across the US, Canada, the UK, and Australia.
The report highlighted that ransomware remained the most expensive form of cyberattack, despite a 3% year-over-year (YoY) decrease in claim frequency and a 7% reduction in severity.
“While overall claims have stabilised, cyber attackers, and ransomware actors in particular, still pose a tremendous threat to businesses, with the average demand still in the millions of dollars,” said Coalition Global Claims head Robert Jones. “Unfortunately, ransomware is already back with a vengeance in 2025, as March held the highest volume of public ransomware cases of all time.”
BEC and FTF drive majority of claims
Business email compromise (BEC) and funds transfer fraud (FTF) were the most prevalent cyber incidents, accounting for 60% of all claims in 2024. Notably, 29% of BEC events led to FTF incidents.
FTF claim frequency decreased by 2% YoY in 2024, while the severity saw a significant 46% decline, averaging a loss amount of $185,000. Conversely, BEC claim severity increased by 23%, with an average loss amount of $35,000. In the US, the severity of BEC claims averaged $36,000, surpassing the global average. Meanwhile, both Canada and the UK reported lower figures, with an average of $22,000.
Ransom demands from threat actors decreased by 22% YoY, averaging $1.1m. In the latter half of 2024, the average demand fell below $1m for the first time in over two years. Among ransomware variants, Akira was the most prevalent, accounting for 13% of claims. Black Basta, though comprising only 3% of claims, had the highest average ransom demand at $4m.
Coalition’s efforts in collaboration with authorities and partners resulted in the recovery of $31m for policyholders in 2024, with an average recovery of $278,000. The company further claimed that Coalition policyholders experienced 73% fewer claims than the industry average. Furthermore, 44% of policyholders involved in ransomware incidents opted to pay the ransom when deemed reasonable and necessary.
The report also noted that Coalition issued over 85,000 security alerts to active policyholders through its cyber risk management platform, Coalition Control. This measure directly led to the mitigation of more than 32,000 security issues.
An IBM report released last month highlighted an 84% rise in the use of infostealers delivered via email in 2024 compared to the previous year. The trend suggested a substantial shift towards credential theft, while ransomware incidents targeting enterprises have significantly declined.
Read more: Ransomware payments drop 35% in 2024 amid law enforcement crackdowns
