Business email compromise (BEC) and funds transfer fraud (FTF) made up 60% of cyber insurance claims in 2024, according to the Coalition 2025 Cyber Claims Report published Wednesday.
The report offers an overview of claims made by policyholders to cyber insurance provider Coalition in 2024, revealing an overall decrease in claims frequency across many categories and a general stabilization of average loss amounts, although average loss amounts varied greatly between the countries served by Coalition (the United States, United Kingdom, Canada and Australia).
The average loss amount was $115,000 per claim, but was significantly higher in Canada, where the average was $226,000. In the U.S., average losses per claim were about $108,000, while they were lowest in the UK, which saw just $35,000 in losses per claim on average.
BEC and FTF dominate cyber insurance claims
BEC attacks stood out as having the greatest increase in claims severity in 2024 – a 23% increase from about $28,500 to $35,000 on average in cases that did not also include FTF or ransomware. Additionally, average BEC losses reached a three-year peak in the second half of 2024, resulting in claimed losses of about $44,500 on average.
While the costs of BEC attacks alone rose in 2024, nearly a third (29%) of all BEC events last year resulted in FTF, where victims were tricked into transferring funds to cybercriminals. FTF attacks stemming from BEC cost $106,000 on average, and overall FTF events resulted in average losses of $185,000, a significant 46% decrease from an all-time high of $340,000 in 2023.
Notably, fewer high six-figure and seven-figure FTF attempts were noted in the past year, potentially due to increased flagging of large transactions by financial institutions, and Coalition aided in the recovery of an average $278,000 per event through cooperation with government authorities and panel partners. Overall, nearly a quarter of FTF victims achieved a partial recovery of funds, and 12% achieved full recovery, according to Coalition.
Ransomware attacks result in highest losses
Claim severity was highest for ransomware attacks compared with other types of incidents, and ransomware attacks made up about 21% of claims in 2024. The average loss claimed from a ransomware attack in 2024 was $292,000, which is a 7% year-over-year decrease and a significant decrease from the peak of $393,000 in the first half of 2023. Overall ransomware claims frequency decreased by 3% in 2024.
About 44% of policyholders who fell victim to ransomware decided to pay ransom “when deemed reasonable and necessary,” Coalition reported, with the insurer negotiating ransomware payments down by an average of 60% in these cases. Ransom demand amounts notably decreased by 22% in 2024, to an average of $1.1 million, and fell below $1 million to a three-year low of $854,155 in the second half of 2024.
Beyond ransom payment, business interruption was the greatest source of loss for victims, costing an average of $102,000. The most common ransomware strain identified in ransomware insurance cases was Akira, accounting for 13.4% of events, followed by Play ransomware at 6.2%, MedusaLocker at 5.7% and RansomHub and FOG, both at 4.6%. While accounting for only 3% of ransomware claims, Black Basta had the highest average ransom demand at $4 million.
Third-party breaches cost organizations $42K on average
While making up a smaller percentage of claims, “miscellaneous first-party loss” cases saw a 10% year-over-year increase in average losses in 2024, totaling $49,000. Losses were most severe in the second half of the year, reaching more than $67,000. These cases, which constituted nearly 12% of all claims, include malware infections without data theft, insider threats, email or domain impersonation, invoice manipulation and third-party breaches.
Third-party breaches made up more than half (52%) of these miscellaneous first-party loss cases in 2024, and resulted in average losses of $42,000. Two of the most notable third-party breach cases from the last year were the Change Healthcare ransomware attack in February 2024 and the CDK Global ransomware attack in June 2024.
Coalition found that, among its policyholders, the average severity of a Change Healthcare-related claim was $22,000 and the average severity of a CDK Global-related claim was $63,000.