Despite drop in cyber claims, BEC keeps going strong
Ransomware claims stabilized in 2024 despite remaining the most costly and disruptive type of cyberattack, according to Coalition.
60% of 2024 claims originated from BEC and funds transfer fraud (FTF) incidents, with 29% of BEC events resulting in FTF. BEC claims severity increased 23% year-over-year (YoY) to an average loss of $35,000, primarily driven by a spike in the latter half of 2024.
FTF claims frequency decreased 2% YoY in 2024 to 0.44% and has continued to hover at 0.44% over the past three years. The significant decrease in FTF initial severity may be explained by changes in behaviors by both threat actors and financial institutions.
Ransom demands decline
Ransom demands from threat actors decreased in 2024, dropping 22% YoY to an average of $1.1 million. Notably, the average demand in the latter half of 2024 fell below $1 million for the first time in more than two years.
Of all ransomware claims, Akira ransomware was the most prolific variant for Coalition policyholders, accounting for 13% of claims in 2024. The Black Basta variant accounted for just 3% of all ransomware claims, but was the highest in terms of demand, with an average of $4 million.
When deemed reasonable and necessary, 44% of policyholders that experienced a ransomware incident opted to pay the ransom.
“While overall claims have stabilized, cyber attackers, and ransomware actors in particular, still pose a tremendous threat to businesses, with the average demand still in the millions of dollars. Unfortunately, ransomware is already back with a vengeance in 2025, as March held the highest volume of public ransomware cases of all time,” said Robert Jones, Head of Global Claims at Coalition.
Global claims frequency decreased 7% YoY in 2024 to 1.48% with a notable dip in the latter half of the year.
Claims severity in the US was lower ($108,000) than the global average in 2024. Severity in Canada was nearly double the global average ($226,000), while the UK was significantly lower ($35,000).
Businesses in the healthcare industry (hospitals, pharmacies, assisted care facilities, etc.) experienced a 19% YoY decrease in claims frequency in 2024 to 1.38% with an average of 1.45% over the past three years. Claims severity
for these businesses increased 32% YoY to an average loss of $145,000.
Cyber claims by revenue
SMBs often face devastating financial consequences from cyber attacks due to limited resources and in-house security expertise. Larger organizations, on the other hand, may have more sophisticated security programs but face highly targeted attacks due to their vast digital footprint and the volume of sensitive data they possess.
Claims frequency among businesses with less than $25 million in revenue decreased by 4% YoY in 2024, reaching 1.07%. This aligns closely with a three-year average of 1.08%. Despite having the lowest frequency compared to other revenue segments, these businesses still accounted for 64% of all claims filed in 2024.
Among businesses with revenue between $25 million and $100 million, claims frequency decreased by 5% YoY in 2024, reaching 3.99%. This aligns with a three-year average of 3.87%. While this segment has experienced more volatility in frequency in recent years, it still accounted for 20% of total claims in 2024.
Businesses with revenue over $100 million experienced a 6% YoY decrease in claims frequency in 2024, dropping to 5.97%. This compares to a three-year average of 6.06%. Despite the decline, larger businesses continued to experience claims more frequently than their smaller counterparts.