Ransomware claims stabilised in 2024 despite remaining the most costly and disruptive form of cyberattack, according to cyber specialist Coalition.
Its 2025 Cyber Claims Report found that 60% of claims originated from incidents involving compromised business emails and fund transfer fraud (FTF).
Ransom demands from threat actors fell in 2024, dropping 22% year-on-year to an average of $1.1m. The average demand in the latter half of 2024 fell below $1m for the first time in more than two years.
“While overall claims have stabilised, cyber attackers, and ransomware actors in particular, still pose a tremendous threat to businesses, with the average demand still in the millions of dollars,” said Coalition’s global head of claims Robert Jones. “Unfortunately, ransomware is already back with a vengeance in 2025, as March held the highest volume of public ransomware cases of all time.”
The specialist worked with authorities and partners to claw back $31m for policyholders, with an average recovery of $278,000. It urged policyholders to report FTF incidents quickly, as this increases the likelihood of recovery.
