Ransomware attacks increased by nearly 20% in 2024, and severity was up 13%; mid-sized companies generating $25-100M in revenue hit hardest, seeing a 46% increase in attacks
News Highlights
- 2025 InsurSec Report reveals new trends in cyberattacks and claims costs
- Email continues to drive majority of cyber claims for mid-market and small business
- Ransomware incidents continue to increase in frequency and severity, with VPNs biggest contributor
- More ransomware groups implicated in attacks in 2024, reaching new record
SAN FRANCISCO – April 10, 2025 – At-Bay, the InsurSec provider for the digital age, today published its 2025 InsurSec Report, which details new trends in cyberattacks and financial losses among businesses. According to the report, which analyzes At-Bay claims data, ransomware attacks increased by nearly 20% in 2024, and the severity rose by 13%. The blast radius of ransomware continues to grow as businesses impacted by attacks on vendors and partners increased 43%, while the average cost of these third-party incidents jumped by 72%.
“Remote access tools like VPNs and RDP continue to attract a high level of attention from cybercriminals. In 2024, they were correlated with 80% of ransomware attacks, up from 63% the year prior,” said Adam Tyra, Chief Information Security Officer for Customers at At-Bay. “VPNs alone were a factor in 2 of 3 ransomware incidents. This problem isn’t going away for mid-market businesses. They need to upgrade to safer alternatives or consider getting support with patching and configuration management to lower their risk from operating these tools.”
Key findings from the report:
- Ransomware
  - Ransomware returned to 2021 levels, with the frequency of attacks increasing by 19% in 2024 vs. 2023.
  - Mid-sized companies generating $25-100M in revenue were hardest hit, seeing a 46% increase in ransomware claims.
  - Losses related to a ransomware attack on a third-party vendor or partner increased by more than 40%, with costs jumping 72% to $241K. This is due to the range of damages that can occur from a supply chain incident.
  - Close to 50 ransomware groups were implicated in attacks in 2024, a 3X increase from 2021. At-Bay believes this resulted in higher volatility in ransom demands and lower reliability in negotiations.
  - The vast majority of ransomware started with an attack on a remote access tool, which contributed to 80% of attacks. VPNs alone accounted for two-thirds (66%) of all ransomware attacks.
- Overall Claims
  - Overall claims frequency increased by 16% in 2024. This increase was evidenced across all revenue bands, with larger companies experiencing the biggest increase.
  - Email was the preferred entry vector for cybercriminals, driving 43% of claims.
  - Financial fraud remained the most common incident type, accounting for 32% of all claims. 4 of 5 (83%) financial fraud claims began with email.
- InsurSec Impact
  - Only 31% of ransoms were paid by At-Bay customers in 2024. This totaled $146M in unpaid ransoms.
  - When a policyholder decided to pay a ransom, the price was often negotiated down by more than half – the average ransom demand was $957K, and the average ransom paid was $317K.
  - At-Bay helped policyholders claw back $49M in stolen funds from financial fraud.
To download the full report and learn how organizations can better protect themselves from cybercrime, visit: 2025 InsurSec Report.
Other resources:
- 2024 InsurSec Rankings: Email Security and Financial Fraud Report
- 2024 InsurSec Report: Ransomware Edition