Ransomware costs jump 17 percent though insurance claims fall


A new report from risk solutions company Resilience shows in the first half of 2025, the average cost of an individual ransomware attack rose by 17 percent, while the volume of incurred claims across Resilience's portfolio dropped by 53 percent, highlighting the persistent and destructive threat of financially motivated cybercrime.
Ransomware accounted for almost all (91 percent) of incurred losses, while financially motivated social engineering, especially via tailored attacks bolstered by AI-powered phishing content, fueled 88 percent.
Poor data quality is the biggest barrier to AI in insurance


Almost three-quarters of insurance underwriters say fragmented, siloed, and unstructured data -- not technology -- is the main barrier to AI transformation.
New research carried out by Reuters for technology transformation specialist CI&T shows that data fragmentation, unstructured formats, and siloed systems are the real roadblocks to delivering faster, more accurate underwriting and pricing.
New AppleCare One makes it cheaper to protect up to three devices


Apple has launched a new tier of its device protection, support and insurance scheme called AppleCare One. This new level of subscription is aimed at those who have fully bought into the Apple ecosystem, as it makes it possible to cover up to three devices with a single plan.
As well as simplifying the process of getting service and support for Apple devices, AppleCare One addresses one of the key complaints levelled against the program – price. Any three devices are covered by a single $20 plan, which could represent a big saving for some people.
AI lowers the barrier to entry for cybercriminals


We all know that businesses are facing a raft of more sophisticated cyberthreats, partly driven by AI. We also know that there can be an impact beyond the financial in terms of damage to reputation and loss of customers.
A new report from cyber insurance specialist Hiscox reveals that 67 percent of organizations report increase in attacks and 34 percent of firms have compromised cybersecurity measures due to lack of expertise in managing emerging tech risks.
Majority of cyber insurance ransomware claims are due to BEC


A new report from cyber insurance specialist Coalition finds the majority of 2024 claims (60 percent) originated from business email compromise (BEC) and funds transfer fraud (FTF) incidents, with 29 percent of BEC events resulting in FTF.
Ransomware claims did stabilize in 2024 but they remain the most costly and disruptive type of cyberattack.
Most ransomware incidents start with compromised perimeter security


A new report from cyber insurance provider Coalition shows 58 percent of ransomware claims in 2024 started with threat actors compromising perimeter security appliances like virtual private networks (VPNs) or firewalls.
Remote desktop products are the second-most exploited for ransomware attacks at 18 percent. The most common initial access vectors (IAVs) being stolen credentials (47 percent) and software exploits (29 percent). Vendors including Fortinet, Cisco, SonicWall, Palo Alto Networks, and Microsoft build the most commonly compromised products.
Third-party risk is biggest cybersecurity blind spot


Third-party risk has emerged as a dominant driver of cyber insurance claims and material losses in 2024, according to new data from leading cyber risk solutions company Resilience.
Cyber insurance claims data shows that third-party risk, including ransomware and outages affecting vendors, accounted for 31 percent of all claims in 2024. Even more startling, third-party risk led to claims with incurred losses for the first time ever, making up nearly a quarter (23 percent) of incurred claims in 2024 (compared to none in 2023).
Failed security controls cost businesses billions


A new report finds 61 percent of organizations have suffered a security breach in the past year because their policies, governance, and controls failed or were not working effectively. This is costing US businesses $30bn and UK businesses £10bn per year.
The study from security posture management firm Panaseer surveyed 400 security decision makers across the US and UK and found 72 percent have taken out indemnity insurance in response to growing personal liability, whilst 15 percent have considered leaving the industry.
80 percent of companies don't have sufficient cyber insurance


According to a new report, 80 percent of insured companies that have suffered a data breach didn't have sufficient coverage for the incident.
The study, from cybersecurity optimization platform CYE, finds the average coverage gap is 350 percent, which means that more than 75 percent of the incident was not covered.
Published CVEs predicted to increase by 25 percent in 2024


The total number of common vulnerabilities and exposures (CVEs) is expected to increase by 25 percent in 2024 to 34,888 vulnerabilities, or roughly 2,900 per month.
This comes from a new report by 'active insurance' provider Coalition which uses honeypots to monitor for spikes to identify the biggest CVEs before they make news headlines -- thus providing companies with the opportunity to take action before an incident can occur.
Why cyber risk assessment is critical to staying ahead of threats [Q&A]


The cybersecurity landscape is changing all the time and security teams are constantly searching for anything that can give them an edge in defending their systems.
We spoke to Rajeev Gupta, co-founder and chief product officer at insurance specialist Cowbell Cyber, about cyber risk assessment and how it can help businesses understand their level of risk and improve it to stay ahead of bad actors and threats like phishing attempts.
Demand for cyber insurance increases as attacks get more sophisticated


A new report shows that as the severity and sophistication of cyberattacks has increased along with the financial consequences, many companies have been prompted to invest in or review their cybersecurity insurance.
The study of over 600 IT security professionals, conducted by the Ponemon Institute for Recast Software, shows 41 percent say their organization has experienced an increase in the number of cybersecurity incidents in 2023, 61 percent say the total cost of these attacks had averaged $21 million, and 75 percent say their cybersecurity exposure would increase or at best stay the same in the coming year.
How to improve your chances of being insured against a cyber breach


Businesses rely heavily on technology to drive operational efficiency. While this has benefits, it also brings with it challenges and risks, particularly in the realm of cybersecurity. As cyber threats continue to be a persistent concern for businesses there has been a marked surge in demand for cyber insurance as companies recognize the importance of financial protection in the face of data breaches, ransomware attacks, and other cybersecurity incidents. However, as the threat landscape evolves, so does the landscape of cyber insurance, with insurers raising the bar on their security requirements.
While this is a concern for businesses that want to ensure that they are insured against potential security risks, there are a few considerations that can help improve their risk profile ahead of a potential breach or attack. Fundamental to this is cyber resilience within the broader framework of operational resilience.
Mandatory protections, higher premiums and continued growth -- cyber insurance predictions for 2024


The high costs, both financial and reputational, of dealing with a cyberattack along with tighter regulations that means attacks must be reported have meant that many more organizations are seeking to protect themselves with cyber insurance.
This is still a relatively new and developing field, so what do industry experts think we'll see in the cyber insurance market in 2024?
Building an effective and insurable IoT security policy [Q&A]


As businesses look to manage their cybersecurity risk, many have turned to insurance to cover the financial implications of a successful breach.
However, insurers naturally want to limit their own exposure to risk and the small print of the policy may limit some claims. In particular this can apply to IoT devices which represent a major unprotected attack surface in corporate networks.
Recent Headlines
Most Commented Stories
BetaNews, your source for breaking tech news, reviews, and in-depth reporting since 1998.
© 1998-2025 BetaNews, Inc. All Rights Reserved. About Us - Privacy Policy - Cookie Policy - Sitemap.