Insights from Coalition's 2025 Cyber Claims Report

At the outset of 2024, cybercrime was predicted to cost the world $9.5 trillion.

An estimate of this magnitude may have seemed astronomical at the time, but concerns about the rise of ransomware, new AI-powered phishing tactics, and more supply chain attacks all came to fruition last year.

Globally, we witnessed a record-high number of vulnerabilities, new cohorts of ransomware gangs, and widespread attacks that devastated entire industries.

The good news is that we know our adversaries’ Achilles’ heel: Active Insurance. 

Despite an ever-changing landscape in 2024, Coalition observed remarkable year-over-year stability. The findings in our newest report reaffirm the fact that prevention must be prioritized over reaction to effectively combat cyber risk.

Below, we’ll explore some of the key insights from Coalition’s 2025 Cyber Claims Report.

Claims frequency decreased 7% as email-based attacks persisted

Despite the turbulent threat landscape, global claims frequency decreased 7% year-over-year (YoY) in 2024, a trend shared across all revenue segments.

Meanwhile, global claims remained stable, with an average loss amount of $115,000 — a significant amount of money for any organization but especially for small and midsize businesses (SMBs). 

Email inboxes remained a crucial target for the third consecutive year. Together, business email compromise (BEC) and funds transfer fraud (FTF) events accounted for 60% of all claims. Ransomware events were slightly less common (21%) but remain the most costly and disruptive of all cyber attacks. 

Business email compromise severity increased 23%

While BEC claims frequency remained consistent YoY in 2024, BEC claims severity increased 23% to an average loss of $35,000, primarily driven by a spike in the second half of 2024.

The increase in BEC severity was, in part, driven by increased prices related to legal expenses, incident response firms, data mining, notifications, and other mitigation and recovery efforts.

Across all BEC events in 2024, 29% resulted in an FTF event, in which cyber criminals manipulated businesses into unknowingly sending money to fraudulent accounts. In these instances, the average claim severity increased to an average loss amount of $106,000. 

In 2024, 29% of all business email compromise events resulted in a funds transfer fraud event.

Funds transfer fraud initial severity decreased 46%

FTF events remain one of the easiest ways for attackers to monetize cybercrime, which is why FTF claims frequency has remained relatively consistent over the last three years. In 2024, FTF claims frequency decreased 3% YoY. 

The severity of these events, however, has been far from predictable. FTF initial claims severity decreased 46% YoY to an average loss of $185,000. The sharp decline followed an all-time high in 2023, when FTF initial severity for the entire year topped $340,000. 

But if the money is an “easy” grab for attackers, why is severity down?

The significant decrease may be explained by behavioral changes by both threat actors and financial institutions. Coalition has observed fewer FTF attempts with high six-figure and seven-figure amounts, possibly due to the implementation of precautionary measures by banks, such as flagging large transactions and holding them for an extended period of time.

Fortunately, when a policyholder reports an FTF event to Coalition, we take swift action based on the options available within the jurisdiction and do everything possible to “claw back” stolen money.

Coalition successfully clawed back $31 million in stolen funds on behalf of policyholders in 2024.

In 2024, Coalition’s cooperative efforts with authorities and panel partners contributed to the successful clawback of $31 million with an average recovery of $278,000. In these cases, Coalition policyholders made a partial recovery in 24% of all reported FTF events and a full recovery in 12% of reported events.

Ransomware severity decreased 7% alongside dip in ransom demands

Ransomware claims frequency decreased 3% YoY in 2024, while ransomware claims severity decreased 7% to an average loss of $292,000. 

A significant driver of the dip in ransomware severity was a decrease in initial ransom demands, which fell 22% YoY in 2024 to an average of $1.1 million. In the second half of 2024, the average ransom demand fell below $1 million for the first time in two years.

When deemed reasonable and necessary, 44% of policyholders that experienced a ransomware event opted to pay the ransom. In these cases, Coalition Incident Response directly engaged threat actors and, on average, successfully negotiated a 60% reduction in payment based on the initial demand.*

The Power of Active Insurance

The power of Active Insurance is visible in Coalition claims data. Time and time again, we see that the businesses most successful in combating cyber risk are those that proactively invest in security controls, leverage access to real-time threat intelligence, and take action based on emerging risks rather than past events.

The end result? Fewer attacks, less financial burden, and a stronger security posture. It’s no wonder that Coalition policyholders experience 73% fewer claims than the industry average.**

Looking ahead, the path forward is clear: Prevention must be prioritized over reaction. The companies that embrace continuous cybersecurity improvements, strategic risk management, and early threat detection will be best positioned to withstand future attacks.

Coalition policyholders experience 73% fewer claims than the industry average.

Want to go deeper on claims insights? The 2025 Cyber Claims Report features new data on business interruption costs, third-party data breaches, industry segments, and more. 

Download the full report now. 

*Ransomware negotiation data based on cases handled by Coalition Incident Response, an affiliate firm made available to all policyholders via panel selection.

**Industry average based on data reported by US insurers to the National Association of Insurance Commissioners (NAIC). Comparison performed using 2023 claims frequency data from Coalition and NAIC. Claims frequency is calculated using the number of standalone cyber claims reported by the NAIC, divided by the average of standalone cyber policies in force at the current and prior year-ends.

Insurance products are offered in the U.S. by Coalition Insurance Solutions Inc. (“CIS”), a licensed insurance producer and surplus lines broker, (Cal. license # 0L76155) acting on behalf of a number of unaffiliated insurance companies, and on an admitted basis through Coalition Insurance Company (“CIC”) a licensed insurance underwriter (NAIC # 29530). See licenses and disclaimers. Copyright © 2025. All rights reserved. Coalition and the Coalition logo are trademarks of Coalition, Inc.

This blog post is designed to provide general information on the topic presented and is not intended to construe or the rendering of legal or other professional services of any kind. If legal or other professional advice is required, the services of a professional should be sought. The views and opinions expressed as part of this blog post do not necessarily state or reflect those of Coalition. Neither Coalition nor any of its employees make any warranty of any kind, express or implied, or assumes any legal liability or responsibility for the accuracy, completeness, or usefulness of any information, product or process disclosed. The blog post may include links to other third-party websites. These links are provided as a convenience only. Coalition does not endorse, have control over nor assumes responsibility or liability for the content, privacy policy or practices of any such third-party websites.