At-Bay New Report Reveals Financial Fraud, Ransomware Trends


Ransomware may still be the most expensive type of cyberattack, but it’s financial fraud, often triggered by phishing emails, that continues to dominate in terms of sheer volume of claims, according to the latest data from At-Bay’s 2025 InsurSec Report.

The cyber insurer reported a 16% rise in claims during 2024, compared to the year before. Interestingly, while incidents increased, the average cost per claim fell to $166,000, down from $213,000 in 2021. Yet, the underlying shift in threat dynamics reveals that attackers are increasingly exploiting security gaps within third-party vendors, not necessarily the primary insured organizations themselves.

Third-Party Failures Drive Major Claims

At-Bay’s data highlights a growing trend: indirect ransomware incidents — those originating from third-party systems — are climbing fast. These types of breaches have now become some of the most damaging, with the average claim reaching $241,000, a staggering 72% jump from 2023. By comparison, direct ransomware attacks still top the cost charts at $468,000 per incident.

This trend reflects a broader shift in the threat landscape. When attackers infiltrate a vendor, they often gain access to real-time communication threads, invoice histories, and other sensitive context that helps them craft convincing phishing or impersonation campaigns. As a result, victim organizations find themselves defrauded or compromised — even when their own defenses weren’t technically breached.

Insurance Reports Offer a Broader View

In 2024, cyber insurance providers emerged as a key source of actionable threat intelligence. Firms like Resilience Cyber Insurance Solutions reported similar findings, with third-party compromises accounting for 31% of all cyber-related claims. High-profile attacks on companies like Change Healthcare and CDK, and even the self-inflicted outage at CrowdStrike, underscore the scale of impact when vendors go down.

This shifting threat landscape has made it clear that cybersecurity is no longer confined within a company’s own infrastructure. Businesses must now factor in the security posture of their partners and vendors, especially as entire operations can grind to a halt when a critical third party is compromised.

At-Bay’s report suggests that organizations investing in endpoint detection and response (EDR) solutions, particularly those managed by a professional security team, are seeing better outcomes. These systems offer fast response capabilities, and in a threat environment filled with unpredictable and fast-moving actors, they serve as a crucial first line of defense.

The firm emphasizes that managed detection and response services deliver a measurable advantage by helping companies detect suspicious behavior early, contain breaches quickly, and reduce potential damage. In addition, improved visibility and threat monitoring, especially across third-party relationships, help organizations understand their extended attack surface.

Data from Resilience supports this position, noting that companies that use threat intelligence and trend data to guide security investments tend to be more resilient and better prepared for emerging threats.

At-Bay Claims Data Isn’t Just History — It’s a Forecast

According to the report, businesses that treat cyber-insurance claim trends as early warning signals — not just post-breach reports — gain a strategic edge. They’re able to make more informed decisions about which technologies to prioritize, and where to shore up defenses.

Cyber-insurance providers, once viewed solely as risk underwriters, are now stepping into advisory roles, offering organizations real-world insights based on aggregated incident data. Some enterprises are even beginning to treat their insurer as a strategic partner, engaging in in-depth reviews of security posture and making risk-based decisions tied to premiums.

This shift is becoming more important as government-led cybersecurity support recedes. With agencies like CISA and law enforcement reducing their involvement in incident response and threat reporting, private sector firms are being pushed to find new sources of threat visibility and risk guidance.

At-Bay’s report warns that as companies lose access to early warnings and federal cybersecurity assistance, the burden of cyber resilience will fall increasingly on private partnerships. Insurers with a front-row seat to incident trends, threat actors, and technical vulnerabilities are now among the few entities positioned to help companies adjust in real time.
