Fraud Is Dominating Cyber Insurance Claims

Ransomware continued to be the most costly type of cyber insurance claim in 2024; however, incidents of financial fraud continue to be far more numerous, with both often triggered by security failures at a third-party firm. This comes from the recent batches of cyber-insurance data released by cyber insurance firm At-Bay.

Financial fraud is the second most common type of cyber attack leading to an insurance claim, but is certainly the most costly, according to At-Bay's 2025 InsurSec Report. 

While the cyber insurer saw 16% more claims in 2024 than the year before, the overall cost of each incident declined to $166,000, down from $213,000 in 2021. The 2025 data sheds light on the most significant cyber threats faced by companies; specialist cyber insurance firms are a reliable source of data on the true cost of security incidents.

Technology choices directly impact cyber risk, with poor decisions by companies significantly increasing the likelihood of an attack, while properly implemented security controls demonstrably reduce losses. Furthermore, exposure to vulnerabilities at third parties in the corporate supply chain has become a growing weakness for many companies. While direct ransomware continued to have a larger effect, to the tune of $468,000 per incident on average, the impact of indirect ransomware has climbed quickly.

Damages due to ransomware attacks targeting a third party, and not the policyholder, resulted in an average claim per incident of $241,000, an increase of 72% since 2023. 

The manufacturing sector experienced almost double the ransomware claim frequency compared to the overall average, a disparity attributable to security technology selection and security culture rather than any single event. Unlike heavily regulated industries such as health care or financial services, manufacturers typically lack industry-level cyber security regulations and often adopt security controls primarily to obtain cyber insurance rather than as part of a holistic risk management approach, according to the report.

The most damaging incidents of 2024 were in the US healthcare sector, along with the self-inflicted outage at cyber security firm CrowdStrike, which caused disruption to many of their client companies' ability to conduct business.

The data heavily suggests that certain strategies can pay off in managing risk. Perhaps the biggest advantage for companies is to have an endpoint detection and response (EDR) system in place and a team of security experts monitoring the system and responding to incidents.

At-Bay | Dark Reading | Risk Insurance | Bank Director | Digital Terminal
