Coalition report finds sharp rise in ransomware demands as most businesses refuse to pay

Cyber insurance and security company Coalition has released findings from its 2026 Cyber Claims Report, showing that initial ransomware demands rose 47% year over year in 2025.

Despite the sharp rise in threat actor demands, Coalition's data shows that 86% of affected businesses refused to pay the ransom, a record high, indicating that organizations are increasing their resiliency by improving backup and incident response strategies.

Coalition attributes this shift in part to stronger support mechanisms for cyber insurers and improved business preparedness.

Rob Jones, Global Head of Claims at Coalition, commented: “The data points to a turning point in the economics of ransomware: while threat actors continue to raise their demands for higher seven-figure payouts, cyber insurance carrier support is helping businesses limit losses and starting to help tip the balance in favor of defenders. Ultimately, we see that the ongoing partnerships that Active Insurance provides between Coalition and our policyholders are reshaping the loss profile of cyber insurance and creating better outcomes.”

The report states that ransomware remained the most expensive cyber claims category in 2025, with an average loss of $269,000. However, business email compromise (BEC) and funds transfer fraud (FTF) together made up the majority of incidents observed this year, accounting for 58% of all cyber incidents, Coalition said.

Of the 2025 FTF claims, Coalition found that 52% originated from BEC incidents, which highlights how email-based attacks enable financial fraud but are not the only way such incidents occur. As a result, Coalition emphasizes that businesses must be prepared to address both email and non-email avenues that lead to financial theft.

Jones said that while ransomware often dominates the headlines, the company’s claims data shows that other forms of cybercrime persist. “Ransomware understandably dominates the headlines, and while we’re pleased to see more organizations willing to drop ransom demands, our claims data shows that old-fashioned email-based crime is not going away,” Jones continued. “BEC and FTF are still powered by social engineering targeting individuals, and these attacks can also cause damage to businesses.”

Coalition reports that overall global cyber claims frequency increased by 3% year over year in 2025. At the same time, claim severity fell 19%, with average losses falling to $116,000. Coalition said this shows that while attackers may be trying slightly more frequently, organizations are improving their ability to reduce the impact of incidents when they occur.

The company's data shows that the frequency of BEC claims increased by 15% during the year, while their severity decreased by 28%, with average losses of $27,000. Coalition warns that BEC remains a significant risk because it can serve as an entry point for more serious incidents, including funds transfer fraud.

Funds transfer fraud is the second most common cyber incident recorded by Coalition, accounting for 27% of all claims. The report shows that FTF claim frequency dropped 18% year over year, severity dropped 14%, and the average loss was $141,000.

Coalition also reported that the firm recovered $21.8 million in stolen funds on behalf of policyholders during the year, with an average recovery of $202,000. The company says reporting suspicious activity early greatly increases the likelihood of recovering stolen funds.


Coalition further noted that dual-extortion ransomware, in which attackers both encrypt systems and exfiltrate data, dominated the threat landscape in 2025. These incidents accounted for 70% of all ransomware claims recorded by the company, with attacks involving data theft costing more than twice as much as attacks that do not steal data.

The report also highlights the differences between organizations of different sizes. Businesses with more than $100 million in annual revenue experience cyber claims more frequently than any other group, with claims occurring five times more frequently than at smaller organizations.

Coalition noted that larger enterprises present broader targets due to their extensive digital infrastructure, although they also generally have more resources to contain incidents. Claim severity for this group fell 7% year over year, with average losses of $268,000. Coalition noted that while this remains the highest level of losses across all revenue categories, the continued decline since 2024 suggests improvements in containment and response measures.

Coalition added that its active insurance model aims to go beyond traditional policies by maintaining an ongoing working relationship with policyholders. According to the company, 64% of claims closed in 2025 were resolved without any out-of-pocket losses for policyholders.

The 2026 Cyber Claims Report features statistics, charts and risk insights based on data collected from more than 100,000 Coalition policyholders in the United States, Canada, the United Kingdom, Australia and Germany.

The post "Coalition report finds sharp rise in ransomware demands as most businesses refuse to pay" appeared first on ReinsuranceNew.ws.