Cyber Incident? Get Help

Coalition Releases 2022 Cyber Claims Report: Mid-year Update

New report finds increase in cost of claims for small businesses, decline in ransomware attacks, and decrease in overall claims cost and severity

SAN FRANCISCO — September 14, 2022 — Coalition, the world’s first Active Insurance provider designed to prevent digital risk before it strikes, today announced the mid-year update to its 2022 Cyber Claims Report detailing the evolution of cyber trends. Key findings include that small businesses have become bigger targets, overall incidents are down, and ransomware attacks are declining as demands go unpaid.

During the first half of 2022, the average cost of a claim for a small business owner increased to $139,000, which is 58% higher than levels during the first half of 2021. 

“Across industries, we continue to see high-profile attacks targeting organizations with weak or exposed infrastructure — which has become exacerbated by today’s remote working culture and companies’ dependence on third-party vendors,” said Catherine Lyle, Coalition’s Head of Claims. “Small businesses are especially vulnerable because they often lack resources. For these businesses, avoiding downtime and disruption is essential, and they must understand that Active Insurance is accessible.”

The good news: both Coalition and the broader insurance industry observed a decrease in ransomware attack frequency and the amount of ransom demanded between the second half of 2021 and the first half of 2022. Ransomware demands decreased from $1.37M in H2 2021 to $896,000 in H1 2022. Of the incidents that resulted in a payment, Coalition negotiated down to roughly 20% of the initial demand.

More good news: Coalition policyholders experienced 50% fewer claims compared to the broader market. The severity of these claims has also declined, with 45% of incidents resolved at no cost. The substantial decrease in overall claims stems from Coalition’s combination of cybersecurity tools, including active monitoring and alerting, access to digital forensics and incident response, and broad insurance coverage. 

“Organizations are increasingly aware of the threat ransomware poses. They have started to implement controls such as offline data backups that allow them to refuse to pay the ransom and restore operations through other means,” said Chris Hendricks, Coalition’s Head of Incident Response. “As ransomware is on the decline, attackers are turning to reliable methods. Phishing, for example, has skyrocketed – and only continues to grow.”

Other key findings:

  • Phishing triggers the majority of cyber incidents, accounting for 57.9% of reported claims,

  • Cyber gangs have built a thriving business,

  • Funds transfer fraud (FTF) claims have held steady thanks to phishing, and 

  • Microsoft Exchange has become the vulnerability that persists.

To produce this report, Coalition analyzed claims data from the 160,000+ organizations it protects for the first half of 2022. By performing billions of security scans across the public internet, sending thousands of critical security alerts, and investigating cyber incidents, Coalition creates a picture of the industry landscape that empowers organizations to understand risk better, allowing the company to defend policyholders better as a result. The data in this report is an aggregation of claims and incident data, including the highest profile claim events and cyber attacks that continue to pose risks to all businesses. 

Click here to download the full 2022 Cyber Claims Report: Mid-year Update. To learn more about Coalition, visit

About Coalition Coalition is the leading provider of cyber insurance and security, combining comprehensive insurance and proactive cybersecurity tools to help businesses manage and mitigate cyber risk. Through its partnerships with leading global insurers, including Arch Insurance North America, Allianz, Ascot Group, Lloyd’s of London, Swiss Re Corporate Solutions, and Vantage, Coalition offers its Active Insurance products in the U.S., U.K., and Canada, and its security products to organizations worldwide. Coalition’s Active Risk Platform provides automated security alerts, threat intelligence, expert guidance, and cybersecurity tools to help businesses remain resilient in the face of cyber attacks. Headquartered in San Francisco, Coalition is a distributed company with a global workforce that collaborates both digitally and in office hubs.