Coalition, a cyber insurance and security company, has published the findings of its 2026 Cyber Claims Report, showing that initial ransomware demands in 2025 increased significantly, rising 47% year-on-year.
Despite the sharp rise in demands from threat actors, Coalition’s data indicates that a record 86% of affected businesses refused to pay ransoms, suggesting that organisations are strengthening their resilience through improved backups and incident response strategies.
Coalition attributes this shift partly to stronger support mechanisms from cyber insurers and improved preparation among businesses.
“The data suggests a turning point in the economics of ransomware: while threat actors escalate their demands to push for higher, seven-figure payouts, cyber insurer support is helping businesses limit losses and is starting to help tip the scales back in favor of defenders,” commented Rob Jones, Coalition’s Global Head of Claims. “Ultimately, we’re seeing the continuous partnership that Active Insurance offers between Coalition and our policyholders is reshaping the loss profile of cyber insurance and creating better outcomes.”
The report notes that ransomware remained the most expensive category of cyber claim in 2025, with an average loss of $269,000. However, Coalition states that business email compromise (BEC) and funds transfer fraud (FTF) together represented the majority of incidents observed during the year, accounting for 58% of all cyber events.
Among FTF claims in 2025, Coalition found that 52% originated from BEC incidents, highlighting how email-based attacks can trigger financial fraud but are not the only route through which such incidents occur. Coalition therefore emphasises that businesses must be prepared to respond to both email-enabled and non-email pathways leading to financial theft.
Jones said that although ransomware tends to dominate headlines, the company’s claims data suggests other forms of cyber crime remain persistent. “Understandably, ransomware generates headlines, and while we’re encouraged to see more organisations willing to walk away from extortion demands, our claims data shows that old-fashioned email-based crime hasn’t gone anywhere,” continued Jones. “BEC and FTF are still powered by social engineering, which targets the individual, and those attacks can be just as damaging to businesses.”
Coalition reports that overall global cyber claims frequency increased by 3% year-on-year in 2025. At the same time, the severity of claims declined by 19%, with the average loss falling to $116,000. Coalition says this suggests that although attempts by attackers may be occurring slightly more often, organisations are improving their ability to reduce the impact when an incident takes place.
The company’s data shows that BEC claims increased in frequency by 15% during the year, while their severity dropped by 28% to an average loss of $27,000. Coalition warns that BEC remains a significant risk because it can act as an entry point for more severe incidents, including funds transfer fraud.
Funds transfer fraud was the second most common cyber event recorded by Coalition, representing 27% of all claims. According to the report, FTF claim frequency declined by 18% year-on-year and severity decreased by 14%, leaving the average loss at $141,000.
Coalition also reports that it recovered $21.8 million in stolen funds on behalf of policyholders during the year, with an average recovery of $202,000. The company states that earlier reporting of suspicious activity significantly increases the likelihood that stolen funds can be recovered.
Coalition further notes that dual-extortion ransomware, where attackers both encrypt systems and extract data, dominated the threat environment in 2025. These incidents accounted for 70% of all ransomware claims recorded by the company, and attacks involving data theft were more than twice as expensive as those without it.
The report also highlights differences between organisations of varying sizes. Businesses generating more than $100 million in annual revenue experienced cyber claims more frequently than any other group, with a claim frequency five times higher than that of smaller organisations.
Coalition states that larger businesses present broader targets due to their extensive digital infrastructure, although they also typically possess more resources to contain incidents. For this group, the severity of claims fell by 7% year-on-year to an average loss of $268,000. Coalition notes that while this remains the highest loss level across revenue categories, the continuing decline since 2024 indicates improvements in containment and response.
Coalition adds that its Active Insurance model aims to move beyond traditional policies by maintaining an ongoing working relationship with policyholders. According to the company, 64% of claims closed in 2025 were resolved without any out-of-pocket loss for the policyholder.
The 2026 Cyber Claims Report is based on statistics, charts and risk insights derived from data gathered from more than 100,000 Coalition policyholders across the United States, Canada, the United Kingdom, Australia and Germany.
