Email is where most cyber insurance claims originate

Overall cyber claims frequency increased 13% in 2023, while claims severity increased 10%, according to Coalition, Inc.

This past year saw cyber insurance claims frequency up 13% year-on-year and claims severity increased 10%, according to Coalition’s 2024 Cyber Claims Report. Credit: JustSuper/Adobe Stock

Funds transfer frauds (FTF) and business email compromises each accounted for 28% of cyber insurance claims in 2023, according to Coalition, Inc. Ransomware accounted for 19% of claims, while other events such as errors and misuse resulted in 25% of claims during the year.

These findings, which were drawn from Coalition policyholder claims, underscore the importance of robust email cybersecurity measures, particularly as digital inboxes remain vulnerable targets for hackers.

Diving into FTF data further reveals a 15% increase in frequency, a 24% year-on-year increase in claims severity and an average loss of more than $278,000. Business email compromises saw frequency increase 5% and severity decrease by 15%. The average loss resulting from a business email comprise was $26,000.

According to Coalition’s 2024 Cyber Claims Report, this past year saw cyber insurance claims frequency up 13% year-on-year and claims severity increased 10%. Businesses with revenue between $25 million and $100 million saw the biggest increase in cyber claims frequency, which increased 32% in 2023.

Risky boundaries

The report also found that firewalls, virtual private networks and other network boundary devices are becoming increasingly risky. Although designed to protect networks, boundary devices can carry vulnerabilities that become known and exploited by malicious actors.

Coalition reported that businesses with internet-exposed Cisco ASA devices were almost five times more prone to claims, while those with internet-exposed Fortinet devices were twice as susceptible.

“We also found that policyholders using internet-exposed remote desktop protocol (RDP) were 2.5 times more likely to experience a claim,” Shelley Ma, incident response lead at Coalition Incident Response, said in a release.

Further, there was a 59% increase in unique IP addresses scanning for open RDP to exploit during 2023, according to Coalition.

Related: