Between 2019 and 2023, manufacturing experienced large losses primarily from ransomware (86.7%), followed by other causes (10.0%) and data breaches (3.3%).

Between 2019 and 2023, technology experienced large losses primarily from other causes (38.0%), followed by ransomware (32.0%) and data breaches (30.0%).

Healthcare experienced extortion demands as high as $4 million.

Business interruption was triggered as the main driver of loss in 17.5% of claims (primary 15.1%, excess 23.3%), triggered with some loss impact in 12.6%, triggered with no loss impact known in 7.3%, and not triggered in 62.6%.

Healthcare, retail, and manufacturing remained the most targeted sectors.

Nearly half of small healthcare practices lack sufficient cyber insurance

The Black Basta variant had the highest average ransom demand at $4 million.

The average ransom demand in 2024 was $1.1 million.

44% of cyber insurance policyholders that experienced a ransomware incident opted to pay the ransom when deemed reasonable and necessary.

Cyber insurance claims frequency decreased by 7% year-over-year (YoY).

Ransom demands from threat actors decreased by 22% year-over-year (YoY) in 2024.

March 2025 held the highest volume of public ransomware cases of all time.

Extortion (including ransomware) was the primary cause of cyber losses, accounting for 28% of claims.

Despite the decline from 2023, ransomware claims in 2024 remained approximately double the totals recorded for 2020, 2021, and 2022.

The majority of 2024 cyber insurance claims (60%) originated from business email compromise (BEC) and funds transfer fraud (FTF) incidents.

59% of enterprises have adopted at least one new security solution at the request of their cyber insurance provider.

Akira ransomware was the most prolific variant for Coalition policyholders, accounting for 13% of ransomware claims in 2024.

Black Basta accounted for just 3% of all ransomware claims in 2024.

FTF (funds transfer fraud) claims frequency decreased by 2% YoY.

Although the amounts paid by UK ransomware victims continued to rise in 2024, extortion negotiations involving ransomware experts remained generally effective, often resulting in reductions of over 60% from the initial demands to the final payment.