
The most recent Coalition 2025 Cyber Claims Report indicates that so-called business email compromise (BEC) together with funds transfer fraud remain the most prevalent cyber claims, accounting for 60% of total cyber insurance claims made by the firm’s policyholders in 2024. Ransomware, while still a major risk with average demands still in the millions of dollars, has decreased slightly in frequency and severity. Forty-four percent of Coalition policyholders who suffered ransomware attacks opted to pay the ransom.

BEC and FTF: The leading causes of cyber insurance claims

Business email compromise, in which cybercriminals use sophisticated social engineering tactics and AI-generated content to impersonate top executives, tricking employees into transferring funds or revealing confidential information, increased in severity by 23%.
For Coalition policyholders specifically, funds transfer fraud (FTF), where victims were convinced to transfer money to fake accounts, cost an average of $185,000 last year. FTC observed a decline in high-value claims, indicating that financial institutions are detecting fraud more efficiently by flagging large transactions with greater scrutiny.

Third-party breaches, where attackers exploit vulnerabilities in vendors, suppliers, or service providers, made up 52% of loss cases last year. In February 2024, third-party ransomware attacks disrupted Change Healthcare, which affected 190 million people, followed by a similar third-party breach impacting CDK Global four months later.

Ransomware payments decreased, but are still the most costly

Ransomware payment trends shifted last year, with a noticeable decrease in the overall amount paid. Chainalysis reported a 35% decrease in ransomware payments in 2024, dropping to $813 million from $1.25 billion in 2023.

However, while total payments declined, the median ransom size increased, indicating a trend toward larger, more targeted attacks.

With organizations paying fewer ransoms in 2024 compared to the previous year, ransomware groups are stepping up their efforts in response to diminishing returns. The number of successful attacks has risen. In 2024, over 5,260 successful attacks were recorded, and the number of data leak sites listing victims more than doubled.

TechTarget reports that U.S. ransomware attacks increased by 149% year over year in the first five weeks of 2025. 

Recent analysis of cyberthreat patterns by CISA (Homeland Security) revealed alarming trends in ransomware incidents affecting businesses and institutions:

  • Soaring extortion costs: Attackers now demand unprecedented sums, with some ransoms exceeding $75 million.
  • Economic toll: Post-attack recovery expenses average $2.73 million per breach, but healthcare organizations face costs nearing $10 million per incident due to operational complexities.
  • High-risk sectors: Critical infrastructure providers, manufacturing firms, and crypto platforms are prime targets for threat actors. Healthcare providers saw ransom requests climb beyond $20 million, often paralyzing patient care systems.
  • Legal fallout: Organizations increasingly face class-action litigation over failures to disclose breaches, inadequate safeguards, and prolonged operational downtime.
  • Evolving tactics: Cybercriminals now deploy refined methods, including dual-threat attacks (data theft + encryption), and agentic AI bots that can work collaboratively to automate attack campaigns, amplifying risks like regulatory fines, service outages, and reputational harm.

Strengthening cybersecurity to reduce cyber insurance claims

To reduce the likelihood of cyber claims, organizations can proactively bolster their cybersecurity posture by practicing the following best practices:

Reinforce email security to prevent BEC and FTF: Implement AI-powered email filtering that detects phishing attempts and impersonation emails, as well as AI-driven fraud detection tools that can identify and prevent fraudulent transactions. Implement zero-trust access privileges and multi-factor authentication for email and financial transactions to avoid unauthorized access. Monitor user activity to detect suspicious patterns, such as sign-ins from unusual locations or time zones, which are characteristic of a BEC attempt.
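One way to implement the user-activity monitoring described above, as an added example that is not from the article or from Coalition or KnowBe4: it compares each mailbox sign-in against that user's own earlier sign-ins and flags a source country or client time zone never seen before, plus "impossible travel" (two countries too close together in time). The log format and the sample events are constructed for the example.

```python
from datetime import datetime

# Constructed sample mailbox sign-in events in a hypothetical, simplified audit-log shape:
# (user, UTC timestamp, source country, client UTC offset in hours). Not from the article.
SAMPLE_EVENTS = [
    ("alice", "2024-03-04T13:10:00", "US", -5),
    ("alice", "2024-03-05T14:02:00", "US", -5),
    ("alice", "2024-03-06T02:30:00", "NG", 1),   # new country and new time zone for alice
    ("bob",   "2024-03-04T22:00:00", "US", -8),
    ("bob",   "2024-03-04T22:40:00", "RU", 3),   # 40 minutes after a US sign-in: impossible travel
]

MAX_TRAVEL_HOURS = 4  # sign-ins from different countries closer than this cannot be physical travel


def parse(events):
    """Turn raw tuples into (user, datetime, country, offset), oldest first."""
    parsed = ((u, datetime.fromisoformat(ts), c, off) for u, ts, c, off in events)
    return sorted(parsed, key=lambda e: e[1])


def detect_anomalies(events, max_travel_hours=MAX_TRAVEL_HOURS):
    """Return (user, timestamp, reason) for sign-ins that deviate from the user's own history.

    A user's first sign-in only seeds the baseline and never alerts (cold start);
    every later sign-in is judged against the countries, offsets and last location seen so far.
    """
    seen_countries = {}   # user -> set of countries in earlier sign-ins
    seen_offsets = {}     # user -> set of client UTC offsets in earlier sign-ins
    last = {}             # user -> (timestamp, country) of the previous sign-in
    alerts = []
    for user, ts, country, offset in parse(events):
        countries = seen_countries.setdefault(user, set())
        offsets = seen_offsets.setdefault(user, set())
        if countries and country not in countries:
            alerts.append((user, ts.isoformat(), f"new country {country}"))
        if offsets and offset not in offsets:
            alerts.append((user, ts.isoformat(), f"new UTC offset {offset:+d}"))
        if user in last:
            prev_ts, prev_country = last[user]
            hours = (ts - prev_ts).total_seconds() / 3600
            if prev_country != country and hours < max_travel_hours:
                alerts.append((user, ts.isoformat(),
                               f"impossible travel {prev_country}->{country} in {hours:.1f}h"))
        countries.add(country)
        offsets.add(offset)
        last[user] = (ts, country)
    return alerts


if __name__ == "__main__":
    for alert in detect_anomalies(SAMPLE_EVENTS):
        print(alert)
```

In production the baseline would be seeded from weeks of history rather than a handful of events, and an alert should trigger a step-up check (re-authentication or an out-of-band call) before any payment instruction from that mailbox is acted on.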

Verify email senders: Use email authentication protocols to prevent spoofing and impersonation attacks. Prevent employees from unknowingly sending money to fake accounts by enforcing rigorous protocols for authenticating fund transfers, including multi-person approval processes.

Train employees: Regularly educate employees on how to identify and respond to BEC attacks. Regular simulated exercises on BEC scams can ensure that employees learn to recognize early warning signs such as phishing links and domain mismatches.

Implement human risk management: Quantify risks stemming from human behavior—such as errors, manipulation, or deliberate actions—by continuously analyzing end user habits, implementing tailored interventions, and fostering behavioral changes via cybersecurity awareness training to reduce vulnerabilities.

Mitigate third-party risks: Organizations should assess and safeguard their vendor relations by conducting regular security assessments. Utilizing AI-enhanced predictive analytics and threat intelligence can help identify potential breach indicators within supplier networks before they worsen into significant issues. Additionally, securing data transfers is essential to prevent cybercriminals from capitalizing on vendor relationships; this is achievable through data encryption and implementing data loss prevention measures for all communications with third-party providers.

Develop an incident response plan: Reduce downtime following a cyberattack by utilizing automated recovery systems that redirect workloads to backup infrastructure for quicker resolution. Practice cyberattack simulations to assess the effectiveness of responses and improve teamwork for better preparedness. Partner with law enforcement and cyber insurance providers to help in the recovery of stolen assets.

In summary

Socially engineered fraud and ransomware remain critical risks. Business email compromise and funds transfer fraud underscore vulnerabilities in human-centric processes. Mitigation requires proactive steps: enhancing email security through advanced filtering and multi-factor authentication, employee training to detect phishing attempts, and securing third-party networks with rigorous assessments. Prioritizing human risk management, threat detection, and incident response readiness reduces operational and financial fallout. Resilience lies in adapting defenses to counter these threats, mitigating exposure through vigilance and layered defenses.

About the author
Stu Sjouwerman (pronounced “shower-man”) is the founder and executive chairman of KnowBe4, the world-renowned cybersecurity platform that comprehensively addresses human risk management with over 70,000 customers and more than 60 million users. A serial entrepreneur and data security expert with 30 years in the IT industry, he was co-founder of Sunbelt Software, the anti-malware software company that was acquired in 2010. He is the author of four books, including “Cyberheist: The Biggest Financial Threat Facing American Businesses.”
