The majority of cyber insurance claims in 2024 were the result of business mail compromise or funds transfer fraud, according to digital risk insurance provider Coalition.

The San Francisco-based company’s 2025 Cyber Claims Report details emerging cyber trends and their impact on Coalition policyholders throughout 2024.

The report found that ransomware claims stabilized in 2024, despite remaining the most costly and disruptive type of cyberattack.

The majority of claims (60 percent) last year originated from business email compromise (BEC) and funds transfer fraud (FTF) incidents, with 29 percent of BEC events resulting in FTF.

“Over the past year, our claims data clearly demonstrates one thing: Active Insurance works,” said Robert Jones, head of Global Claims at Coalition. “Combining Coalition’s Active Data Graph, which provides a massive amount of data insights, with security tools and incident response, helps Coalition prevent claims from happening in the first place. And, when matters were reported to Coalition, 56 percent were handled without any out-of-pocket payments by the policyholder. We believe that this proactive engagement is a critical aspect of reducing global cyber risk.”

Ransom demands decreased in 2024, dropping 22 percent year-over-year (YoY) to an average of $1.1 million. Average demand in the latter half of 2024 fell below $1 million for the first time in more than two years.

Of all ransomware claims, Akira ransomware was the most prolific variant for Coalition policyholders, accounting for 13 percent of claims in 2024.

The Black Basta variant accounted for just 3 percent of all ransomware claims, but was the highest in terms of demand, with an average of $4 million.

As claims frequency decreased by 7 percent YoY, claims severity remained stable.

Ransomware claims frequency decreased by 3 percent and severity decreased by 7 percent YoY. Losses averaged $292,000 per occurrence. The decline is likely doe to initial demands falling to below $1 million for the first time in two years.

Besides the ransom demand, key drivers of a ransomware loss include costs related to business interruption, digital asset restoration, and forensic investigation.

BEC claims severity increased by 23 percent and on averaged $35,000 per loss. The rise in severity, according to the report, was driven by mitigation and recovery costs.

FTF claims frequency decreased by 2 percent and severity decreased by 46 percent YoY, averaging $185,000 per loss. The sharp decline in severity follows the all-time high in 2023.

Businesses in the consumer staples industry (agriculture, food and beverage, personal hygiene, etc.) experienced the highest claims frequency in 2024,increasing 17 percent YoY to 2.60 percent.

Claims frequency among businesses with less than $25 million in revenue decreased 4 percent YoY in 2024 to 1.07 percent.

Businesses between $25 million and $100 million in revenue saw claims frequency decrease 5 percent YoY in 2024 to 3.99 percent.

Businesses with more than $100 million in revenue experienced a 6 percent YoY decrease in claims frequency in 2024 to 5.97 percent.

When deemed reasonable and necessary, 44 percent of policyholders that experienced a ransomware incident opted to pay the ransom. Coalition Incident Response (CIR) was able to negotiate ransom payments down1 by an average of 60 percent.

Third-party breaches accounted for more than half of all claim, the internal data showed.

Miscellaneous first-party loss claims frequency decreased 19 percent YoY in 2024 to 0.17 percent, while severity increased 10 percent YoY in 2024 to an average loss of $49,000.

Third-party allegations frequency decreased 50 percent YoY in 2024 to 0.02 percent, with severity also declining to 86 percent YoY in 2024 to an average loss of $23,000.

“While overall claims have stabilized, cyber attackers, and ransomware actors in particular, still pose a tremendous threat to businesses, with the average demand still in the millions of dollars. Unfortunately, ransomware is already back with a vengeance in 2025, as March held the highest volume of public ransomware cases of all time,” Jones added.

The cyber risk insurer successfully clawed back $31 million for policyholders, with an average recovery of $278,000.

According to its data, Coalition policyholders experienced 73 percent fewer claims than the industry average.

Because policyholders that quickly report FTF events have a greater likelihood of recovery, Coalition introduced a new financial incentive to its Active Cyber Policy. Clients can receive lower retentions when they report FTF incidents within 72 hours of the initial fraudulent transfer, thereby improving the odds of recovery.