Fraud Is Dominating Cyber Insurance Claims

Ransomware continued to be the most costly type of cyber insurance claim in 2024; however, incidents of financial fraud continue to be far more numerous, with both often triggered by security failures at a third-party firm. This comes from the recent batches of cyber insurance data released by cyber insurance firm At-Bay.

Financial fraud is the second most common type of cyber attack leading to an insurance claim, but is certainly the most costly, according to At-Bay's 2025 InsurSec Report. 

While the cyber insurer saw 16% more claims in 2024 than the year before, the overall cost of each incident declined to $166,000, down from $213,000 in 2021. The 2025 data sheds light on the most significant cyber threats faced by companies; specialist cyber insurance firms are a reliable source of data on the true cost of security incidents.

Technology choices directly impact cyber risk, with poor decisions by companies significantly increasing the likelihood of an attack, while properly implemented security controls demonstrably reduce losses. Furthermore, exposure to the vulnerability of third parties in the corporate supply chain has become an increasing weakness for many companies. While direct ransomware continued to have a larger effect, to the tune of $468,000 per incident on average, the impact of indirect ransomware has climbed quickly.

Damages due to ransomware attacks targeting a third party, and not the policyholder, resulted in an average claim per incident of $241,000, an increase of 72% since 2023. 

The manufacturing sector experienced almost double the ransomware claim frequency compared to the overall average, a disparity attributable to security technology selection and security culture rather than any single event. Unlike heavily regulated industries such as health care or financial services, manufacturers typically lack industry-level cyber security regulations and often adopt security controls primarily to obtain cyber insurance rather than as part of a holistic risk management approach, according to the report.

The most damaging incidents of 2024 were in the US healthcare sector, along with the self-inflicted outage at cyber security firm CrowdStrike, which disrupted many of its client companies' ability to conduct business.

The data heavily suggests that certain strategies can pay off in managing risk. Perhaps the biggest advantage for companies is to have an endpoint detection and response (EDR) system in place and a team of security experts monitoring the system and responding to incidents.

At-Bay | Dark Reading | Risk Insurance | Bank Director | Digital Terminal

Image: Ideogram
