Coalition 2025 Cyber Claims Report Finds Ransomware Stabilized but Remains Costly for Businesses
SAN FRANCISCO--(BUSINESS WIRE)-- Coalition, the world's first Active Insurance provider designed to prevent digital risk before it strikes, today published its 2025 Cyber Claims Report, which details emerging cyber trends and their impact on Coalition policyholders throughout the full year of 2024. The report found that ransomware claims stabilized in 2024 despite remaining the most costly and disruptive type of cyberattack. The majority of 2024 claims (60%) originated from business email compromise (BEC) and funds transfer fraud (FTF) incidents, with 29% of BEC events resulting in FTF.
'Over the past year, our claims data clearly demonstrates one thing: Active Insurance works,' said Robert Jones, Head of Global Claims at Coalition. 'Combining Coalition's Active Data Graph, which provides a massive amount of data insights, with security tools and incident response, helps Coalition prevent claims from happening in the first place. And, when matters were reported to Coalition, 56% were handled without any out-of-pocket payments by the policyholder. We believe that this proactive engagement is a critical aspect of reducing global cyber risk.'
Ransom demands from threat actors decreased in 2024, dropping 22% year-over-year (YoY) to an average of $1.1 million. Notably, the average demand in the latter half of 2024 fell below $1 million for the first time in more than two years. Of all ransomware claims, Akira ransomware was the most prolific variant for Coalition policyholders, accounting for 13% of claims in 2024. The Black Basta variant accounted for just 3% of all ransomware claims, but was the highest in terms of demand, with an average of $4 million.
'While overall claims have stabilized, cyber attackers, and ransomware actors in particular, still pose a tremendous threat to businesses, with the average demand still in the millions of dollars. Unfortunately, ransomware is already back with a vengeance in 2025, as March held the highest volume of public ransomware cases of all time,' continued Jones. 'Coalition continues to be an active partner in the fight against bad actors. We alert our policyholders to vulnerabilities in their networks, risky security practices, and the best ways to mitigate threats to reduce the impacts of cyber attacks.'
In 2024, Coalition's cooperative efforts with authorities and panel partners contributed to the successful clawback of $31 million for policyholders, with an average recovery of $278,000. Coalition has firsthand knowledge that policyholders that quickly report FTF events have a greater likelihood of recovery. Last month, Coalition introduced a new financial incentive in its Active Cyber Policy 1. Clients can receive lower retentions when they report FTF incidents within 72 hours of the initial fraudulent transfer, encouraging prompt action to improve the odds of recovery.
Other key findings from the report include:
As claims frequency decreased by 7% YoY, claims severity remained stable.
Ransomware claims frequency decreased by 3% and severity decreased by 7% YoY.
BEC claims severity increased by 23%.
FTF claims frequency decreased by 2% and severity decreased by 46% YoY. The sharp decline in severity follows the all-time high in 2023.
When deemed reasonable and necessary, 44% of policyholders that experienced a ransomware incident opted to pay the ransom. Coalition Incident Response (CIR) was able to negotiate ransom payments down 1 by an average of 60%.
Coalition policyholders experienced 73% 2 fewer claims than the industry average.
This report presents statistics, charts, and risk insights derived from data collected from Coalition policyholders in the United States, Canada, the United Kingdom, and Australia.
Download the full 2025 Cyber Claims Report from Coalition to learn more: https://web.coalitioninc.com/download-2025-cyber-claims-report.html.
__________________
1 Applies to all non-admitted surplus lines new business and renewal quotes in the United States on or after April 15, 2025. Exclusions and limitations apply. See disclaimers and policy as issued.
2 Ransomware negotiation data based on cases handled by Coalition Incident Response, Inc. a wholly-owned affiliate firm of Coalition, Inc. made available to all policyholders as an option via incident response firm panel selection.
3 Industry average based on data reported by US insurers to the National Association of Insurance Commissioners (NAIC). Comparison performed using 2023 claims frequency data from Coalition and NAIC. Claims frequency is calculated using the number of standalone cyber claims reported by the NAIC, divided by the average of standalone cyber policies in force at the current and prior year-ends.
Expand
About Coalition
Coalition is the world's first Active Insurance provider designed to help prevent digital risk before it strikes. By combining comprehensive insurance coverage with cybersecurity tools, Coalition helps businesses manage and mitigate potential cyberattacks. Leveraging its relationships with leading global insurers and capacity providers, including Coalition Insurance Company, Coalition offers Active Insurance products to businesses in the United States, the United Kingdom, Canada, Australia, Germany, Denmark, and soon in Sweden. Policyholders can receive automated cyber alerts and access expert advice, as well as global third-party risk management tools through Coalition's cyber risk management platform, Coalition Control®.
Insurance products are offered by Coalition Insurance Solutions Inc. ('CIS'), a licensed insurance producer and surplus lines broker with its principal place of business in San Francisco, CA (Cal. license #0L76155), acting on behalf of a number of unaffiliated insurance companies and available on an admitted basis through Coalition Insurance Company ('CIC') a licensed insurance underwriter (NAIC # 29530). Insurance products offered through CIS and CIC may not be available in all states. Complete license and carrier information is available here. CIS may receive compensation from an insurer or other intermediary in connection with the sale of insurance. All decisions regarding any insurance products referenced herein, including approval for coverage, premium, commission, and fees, will be made solely by the insurer underwriting the insurance under the insurer's then-current criteria. All insurance products are governed by the terms, conditions, limitations, and exclusions set forth in the applicable insurance policy. Please see a copy of your policy for the full terms, conditions, and exclusions. Copyright © 2025. All rights reserved. Coalition and the Coalition logo are trademarks of Coalition, Inc. or its affiliates.
Hashtags
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
Yahoo
an hour ago
- Yahoo
PURE Bioscience Unveils Revolutionary Membrane Treatment Solution for the Dairy and Beverage Industry
EL CAJON, Calif., June 02, 2025--(BUSINESS WIRE)--PURE Bioscience, Inc. (OTCQB: PURE) ("PURE," the "Company" or "we"), creator of the patented non-toxic silver dihydrogen citrate (SDC) antimicrobial, is proud to announce an innovative application method for membrane treatment in the dairy and beverage industry using our flagship product, PURE® Hard Surface. This groundbreaking solution addresses common membrane fouling and sanitization challenges, delivering outstanding results that enable operators to restore throughput and sanitize the membrane without damage or oxidation. Tom Myers, EVP of Technology & Development at PURE Bioscience, stated, "The introduction of PURE Hard Surface to the Dairy and Beverage industry represents a significant advancement in membrane treatment technology. This product delivers unmatched efficiency and enhances filtration operation and longevity." Key Attributes of PURE Hard Surface for Membrane Treatment: One Treatment—Zero Compromises: Achieve superior results with just one treatment. PURE Hard Surface effectively removes fouling, restores flow, and delays the need for membrane replacement without compromising membrane integrity. Proven Performance: Our solution boasts results with successful treatments demonstrating an impressive 4+ log reduction in 120 seconds. Additionally, it is NSF-listed, making it ideal for eliminating harmful bacteria in the dairy industry without causing membrane oxidation. Complete Penetration in Minutes: In practical applications, our treatment has shown complete membrane penetration within 5 minutes for reverse osmosis (RO) systems, effectively scrubbing away fouling and restoring throughput. Similarly, our ultrafiltration treatment (UF) systems resulted in immediate penetration and unmatched restoration of throughput while sanitizing to meet stringent quality specifications. Simplicity and Effectiveness: Membrane operators prefer PURE Hard Surface for its no-hassle approach. The ready-to-use formula requires no mixing—fill and go. Plus, with the lowest EPA toxicity rating, there is no need for personal protective equipment, making it highly safe for staff. Environmentally Safe: Our treatment poses no risks to wastewater systems, ensuring no impact on digesters or discharge permit compliance. Cost-Effective Solution: With just one treatment, manufacturers can sell full-priced finished goods, reduce operational costs, and significantly prolong the lifespan of their membranes, contributing to overall operational efficiency. "Our SDC technology is redefining what's possible in the food industry – and PURE Hard Surface is at the forefront," said Tim Steffensmeier, Vice President of Sales. "This modern membrane application brings a smarter, more efficient approach to streamlining operation, delivering a measurable cost savings, and empowers manufacturers to uphold the highest quality standards in the industry, without the negative trade-offs of traditional chemistry." Discover the transformative benefits of PURE Hard Surface for membrane treatment. For more information, visit contact one of our key distributors, or come to our booth at the Dairy Foods Membrane Technology Forum, June 2-4, 20025 in Bloomington, MN. How SDC Works SDC kills microorganisms by two modes of action: 1) the silver ion deactivates structural and metabolic membrane proteins, leading to microbial death; 2) the microbes view SDC as a food source, allowing the silver ion to enter the microbe. Once inside the organism, the silver ion denatures the DNA, which halts the microbe's ability to replicate and leads to its death. This dual action makes SDC highly and quickly effective against a broad spectrum of microbes. Traditional silver-based disinfectants have short shelf lives – from hours to days. SDC is a stabilized silver ion complex with a shelf life of several years. The unique bond between the silver ions in SDC allows them to remain in solution while making them more bioavailable for antimicrobial action. About PURE Bioscience, Inc. PURE focuses on developing and commercializing our proprietary antimicrobial products, primarily in food safety. We provide best-in-class solutions to combat the health and environmental challenges of pathogens and hygienic control. Our technology platform is based on patented, stabilized ionic silver, and our initial products contain silver dihydrogen citrate, better known as SDC. This broad-spectrum, non-toxic antimicrobial agent formulates well with other compounds. As a platform technology, SDC is distinguished from existing products in the marketplace because of its superior efficacy, reduced toxicity, and mitigation of bacterial resistance. PURE's mailing address is 771 Jamacha Rd. #512, El Cajon, California 92019 (San Diego County area), which serves as its official address for all business requirements. View source version on Contacts Tim Steffensmeier, Vice President of SalesEmail: tsteffensmeier@
Yahoo
2 hours ago
- Yahoo
Core & Main Named to Fortune 500® for First Time
15 years of consecutive growth and increasing demand for innovative water infrastructure solutions help earn national recognition ST. LOUIS, June 03, 2025--(BUSINESS WIRE)--Core & Main Inc. (NYSE: CNM) ("Core & Main"), a leading specialty distributor dedicated to advancing reliable infrastructure with local service, nationwide, proudly announces it has been named to the Fortune 500 list for the first time, ranked No. 497. This prestigious recognition highlights Core & Main's growth and success executing our strategy to provide products and services to address water infrastructure needs across the U.S. "We are incredibly honored to be included in the Fortune 500," said Mark Witkowski, CEO of Core & Main. "This is another milestone in our continued growth journey, and it's a testament to the strength of our business model combined with the dedication and expertise of our associates servicing their communities." Core & Main became an independent company in 2017, delivering sales growth and profitability both organically and through acquisitions. It began trading on the New York Stock Exchange, following its IPO in 2021, most recently posting $7.4 billion in revenue in FY24. "This recognition further shows we have the right strategy, people and offerings in place to deliver long-term growth," Witkowski said. "Our work is far from done, as there is an enormous opportunity and need to repair and upgrade water infrastructure for future generations. We take that responsibility very seriously, alongside our loyal customers and trusted suppliers. We thank everyone who has contributed to our success and shared in our vision to advance reliable infrastructure." The Fortune 500 is an annual ranking of the largest U.S. companies by total revenue, published by Fortune magazine. About Core & Main Based in St. Louis, Core & Main is a leader in advancing reliable infrastructure™ with local service, nationwide®. As a specialty distributor with a focus on water, wastewater, storm drainage and fire protection products and related services, Core & Main provides solutions to municipalities, private water companies and professional contractors across municipal, non-residential and residential end markets, nationwide. With more than 370 locations across the U.S., the company provides its customers local expertise backed by a national supply chain. Core & Main's 5,700 associates are committed to helping their communities thrive with safe and reliable infrastructure. Visit to learn more. Cautionary Note Regarding Forward-Looking Statements This press release contains "forward-looking statements" within the meaning of Section 27A of the Securities Act of 1933, as amended, and Section 21E of the Securities Exchange Act of 1934, as amended. Forward-looking statements include, without limitation, all statements other than statements of historical facts contained in this press release, including statements relating to our intentions, beliefs, assumptions or current expectations concerning, among other things, our future results of operations and financial position, business strategy and plans and objectives of management for future operations, including, among others, statements regarding expected growth, future capital expenditures, capital allocation and debt service obligations, and the anticipated impact on our business. Some of the forward-looking statements can be identified by the use of forward-looking terms such as "believes," "expects," "may," "will," "shall," "should," "would," "could," "seeks," "aims," "projects," "is optimistic," "intends," "plans," "estimates," "anticipates" or the negative versions of these words or other comparable terms. Forward-looking statements are subject to known and unknown risks and uncertainties, many of which may be outside our control. We caution you that forward-looking statements are not guarantees of future performance or outcomes and that actual performance and outcomes, including, without limitation, our actual results of operations, financial condition and liquidity, and the development of the market in which we operate, may differ materially from those made in or suggested by the forward-looking statements contained in this press release. Additional information concerning these and other factors can be found in our filings with the Securities and Exchange Commission. All forward-looking statements attributable to us or persons acting on our behalf are expressly qualified in their entirety by the foregoing cautionary statements. All such statements speak only as of the date made and, except as required by law, we undertake no obligation to update or revise publicly any forward-looking statements, whether as a result of new information, future events, or otherwise. View source version on Contacts Media Relations Patrick Lunsford314-789-0726media@ Investor Relations Glenn Floyd314-995-9108investorrelations@ Error in retrieving data Sign in to access your portfolio Error in retrieving data Error in retrieving data Error in retrieving data Error in retrieving data
Yahoo
2 hours ago
- Yahoo
CrowdStrike and Microsoft Collaborate to Harmonize Cyber Threat Attribution
Landmark industry collaboration maps threat actor aliases across vendors to accelerate response and strengthen global cyberdefense AUSTIN, Texas, June 02, 2025--(BUSINESS WIRE)--CrowdStrike (NASDAQ: CRWD) and Microsoft today announced a collaboration to bring clarity and coordination to how cyber threat actors are identified and tracked across security vendors. By mapping threat actor aliases and aligning adversary attribution across platforms, the collaboration minimizes confusion caused by different naming systems and accelerates cyber defenders' response against today's and tomorrow's most sophisticated adversaries. The cybersecurity industry has developed multiple naming systems for threat actors, each grounded in unique vantage points, intelligence sources, and analytic rigor. These taxonomies provide critical adversary context to help organizations understand the threats they face, who is targeting them, and why. But as the adversary landscape grows, so does the complexity of cross-vendor attribution. Through this deeper collaboration, CrowdStrike and Microsoft have developed a shared mapping system – a 'Rosetta Stone' for cyber threat intelligence – that links adversary identifiers across vendor ecosystems without mandating a single naming standard. By reducing ambiguity in how adversaries are labeled, this mapping enables defenders to make faster, more confident decisions, correlate threat intelligence across sources, and better disrupt threat actor activity before it causes harm. By making it easier to connect naming conventions like COZY BEAR and Midnight Blizzard, the mapping supports quicker decision-making and unified threat response across taxonomies. "This is a watershed moment for cybersecurity. Adversaries hide behind both technology and the confusion created by inconsistent naming. As defenders, it's our job to stay ahead and to give security teams clarity on who is targeting them and how to respond. This has been CrowdStrike's mission from day one," said Adam Meyers, Head of Counter Adversary Operations at CrowdStrike. "CrowdStrike is the leader in adversary intelligence, and Microsoft brings one of the most valuable data sources on adversary behavior. Together, we're combining strengths to deliver clarity, speed, and confidence to defenders everywhere." The collaboration will start with a shared analyst-led effort to harmonize adversary naming between CrowdStrike and Microsoft's threat research teams. Through this collaboration, the companies have already deconflicted more than 80 adversaries, including validating threat actors like Microsoft's Volt Typhoon and CrowdStrike's VANGUARD PANDA are Chinese state-sponsored threat actors, and that Secret Blizzard and VENOMOUS BEAR refer to the same Russia-nexus adversary. This demonstrates the real-world value of shared attribution. Moving forward, CrowdStrike and Microsoft will continue working together to expand this effort, inviting other partners to contribute to and maintain a shared threat actor mapping resource for the global cybersecurity community. "Cybersecurity is a defining challenge of our time, especially in today's AI-driven era," said Vasu Jakkal, Corporate Vice President, Microsoft Security. "Microsoft and CrowdStrike are in ideal positions to help our customers, and the wider defender community accelerate the benefits of actionable threat intelligence. Security is a team sport and when defenders can share and react to information faster it makes a difference in how we protect the world." This collaboration builds on each company's deep history of threat intelligence leadership and advances a shared mission: delivering better outcomes for defenders by putting customers first and the mission before the market. To learn more about the CrowdStrike and Microsoft collaboration on cyber threat attribution, please visit our blog. About CrowdStrike CrowdStrike (NASDAQ: CRWD), a global cybersecurity leader, has redefined modern security with the world's most advanced cloud-native platform for protecting critical areas of enterprise risk – endpoints and cloud workloads, identity and data. Powered by the CrowdStrike Security Cloud and world-class AI, the CrowdStrike Falcon® platform leverages real-time indicators of attack, threat intelligence, evolving adversary tradecraft and enriched telemetry from across the enterprise to deliver hyper-accurate detections, automated protection and remediation, elite threat hunting and prioritized observability of vulnerabilities. Purpose-built in the cloud with a single lightweight-agent architecture, the Falcon platform delivers rapid and scalable deployment, superior protection and performance, reduced complexity and immediate time-to-value. CrowdStrike: We stop breaches. Learn more: Follow us: Blog | X | LinkedIn | Facebook | Instagram Start a free trial today: © 2025 CrowdStrike, Inc. All rights reserved. CrowdStrike and CrowdStrike Falcon are marks owned by CrowdStrike, Inc. and are registered in the United States and other countries. CrowdStrike owns other trademarks and service marks and may use the brands of third parties to identify their products and services. View source version on Contacts Media Contacts: Jake SchusterCrowdStrike Corporate Communicationspress@ Error in retrieving data Sign in to access your portfolio Error in retrieving data Error in retrieving data Error in retrieving data Error in retrieving data
