Coalition

The Black Basta variant had the highest average ransom demand at $4 million.

The average ransom demand in 2024 was $1.1 million.

44% of cyber insurance policyholders that experienced a ransomware incident opted to pay the ransom when deemed reasonable and necessary.

Cyber insurance claims frequency decreased by 7% year-over-year (YoY).

Ransom demands from threat actors decreased by 22% year-over-year (YoY) in 2024.

March 2025 held the highest volume of public ransomware cases of all time.

The majority of 2024 cyber insurance claims (60%) originated from business email compromise (BEC) and funds transfer fraud (FTF) incidents.

Akira ransomware was the most prolific variant for Coalition policyholders, accounting for 13% of ransomware claims in 2024.

Black Basta accounted for just 3% of all ransomware claims in 2024.

FTF (funds transfer fraud) claims frequency decreased by 2% YoY.

The average ransom demand in the latter half of 2024 fell below $1 million for the first time in more than two years.

29% of BEC events resulted in funds transfer fraud in 2024.

BEC claims severity increased by 23% in 2024.

Ransomware cyber insurance claims frequency decreased by 3%.

Ransomware claims severity decreased by 7% YoY.

FTF (funds transfer fraud) claims severity decreased by 46% YoY. This sharp decline followed an all-time high in 2023.

Most ransomware claims in 2024 started with threat actors compromising perimeter security appliances (58%), like virtual private networks (VPNs) or firewalls.

Across all ransomware claims in 2024, the most common initial access vectors (IAVs) were stolen credentials (47%) and software exploits (29%).

Coalition detected over 5 million internet-exposed remote management solutions in 2024.

Coalition also detected tens of thousands of exposed login panels across the internet in 2024.

When applying for cyber insurance, most businesses (65%+) had at least one internet-exposed web login panel.

Remote desktop products were the second-most exploited vector for ransomware attacks in 2024, at 18%.

The total number of published software vulnerabilities will increase to over 45,000 in 2025.

The projected software vulnerability rate for 2025 is nearly 4,000 per month.

Insurance policyholders received critical alerts for just 0.15% of vulnerabilities published in the first ten months of 2024.

90% of vulnerabilities published in the first ten months of 2024 never triggered an alert for Coalition policyholders.

The predicted increase in software vulnerabilities for 2025 represents a 15% jump over the first 10 months of 2024.