Cyber Threats Stabilize as Active Insurance Drives Down Claims and Losses in 2024

In today’s interconnected digital economy, cyber risk is a constant threat to organizations of all sizes and sectors. Yet, in the face of persistent and evolving cyber threats, Coalition’s 2025 Cyber Claims Report reveals an encouraging trend: stability in both the frequency and severity of cyber claims throughout 2024. This outcome isn’t coincidental — it’s the result of a proactive, prevention-first strategy that Coalition brands as Active Insurance.

The report attributes the flattening of risk trends to several key components of its Active Insurance model: data-informed underwriting, continuous monitoring, real-time threat alerts, and hands-on incident response. These measures collectively enable policyholders to identify and address risks before they escalate into costly claims. As a result, Coalition’s clients experienced 73% fewer claims than the industry average, reinforcing the importance of active engagement over passive coverage.

Notable insights from the 2025 report include the significant roles that business email compromise (BEC), funds transfer fraud (FTF), and ransomware continue to play in the cyber threat landscape. In fact, 60% of all claims originated from BEC and FTF, with 29% of BEC incidents resulting in fraudulent fund transfers. While BEC claims frequency held steady, the average severity jumped 23% year-over-year, driven by higher legal and incident response costs. Meanwhile, FTF claims saw a sharp 46% drop in initial severity, attributed in part to improved threat detection and financial institution interventions. Coalition’s success in recovering $31 million in stolen funds also points to the value of immediate response capabilities.

Ransomware remained the costliest attack type, with an average claim of $292,000. However, the report highlights a 7% decline in ransomware claim severity and a 22% drop in initial ransom demands — positive indicators suggesting increased resilience among policyholders. Coalition’s negotiation efforts were instrumental, reducing ransom payments by an average of 60%. The firm also underscores that costs related to business interruption, digital asset restoration, and forensic services often exceeded the ransom demand itself.

The report further explores the growing impact of third-party events, particularly risk aggregation scenarios such as the Change Healthcare and CDK Global attacks, which affected broad segments of the healthcare and auto industries. While these events drove miscellaneous first-party claims, proactive measures such as real-time alerts and strategic vendor assessments helped mitigate broader exposure.

Ultimately, Coalition’s data confirms that prevention works. Organizations that treat cyber insurance as a risk management partnership — rather than just financial protection — are better equipped to withstand today’s threats. The future of cyber insurance will favor those who act before incidents occur, embracing tools, training, and tactics that stop attacks in their tracks. As the cyber landscape continues to evolve, the emphasis remains clear: proactive defense is the strongest protection.