Fraud Is Dominating Cyber Insurance Claims
Ransomware continued to account for the most costly cyber insurance claims in 2024; however, incidents of financial fraud continue to be far more numerous, with both often triggered by security failures at a third-party firm. This comes from the recent batches of cyber-insurance data released by cyber insurance firm At-Bay.
Financial fraud is the second most common type of cyber attack leading to an insurance claim, but is certainly the most costly, according to At-Bay's 2025 InsurSec Report.
While the cyber insurer saw 16% more claims in 2024 than the year before, the overall cost of each incident declined to $166,000, down from $213,000 in 2021. The 2025 data sheds light on the most significant cyber threats faced by companies, and specialist cyber insurance firms are a reliable source of data on the true cost of security incidents.
Technology choices directly impact cyber risk, with poor decisions by companies significantly increasing the likelihood of an attack, while properly implemented security controls demonstrably reduce losses. Furthermore, exposure to the vulnerability of third parties in the corporate supply chain has become an increasing weakness for many companies. While direct ransomware continued to have a larger effect, to the tune of $468,000 per incident on average, the impact of indirect ransomware has climbed quickly.
Damages due to ransomware attacks targeting a third party, and not the policyholder, resulted in an average claim per incident of $241,000, an increase of 72% since 2023.
The manufacturing sector experienced almost double the ransomware claim frequency compared to the overall average, a disparity attributable to security technology selection and security culture rather than any single event. Unlike heavily regulated industries such as health care or financial services, manufacturers typically lack industry-level cyber security regulations and often adopt security controls primarily to obtain cyber insurance rather than as part of a holistic risk management approach, according to the report.
The most damaging incidents of 2024 were in the US healthcare sector, along with the self-inflicted outage at cyber security firm CrowdStrike, which caused disruption to many of their client companies' ability to conduct business.
The data heavily suggests that certain strategies can pay off in managing risk. Perhaps the biggest advantage for companies is to have an endpoint detection and response (EDR) system in place and a team of security experts monitoring the system and responding to incidents.
At-Bay | Dark Reading | Risk Insurance | Bank Director | Digital Terminal