Coalition, Inc. - Experts & Thought Leaders
Latest Coalition, Inc. news & announcements
Coalition, the world's first Active Insurance provider designed to prevent digital risk before it strikes, published its Cyber Threat Index 2025, detailing insights on cybersecurity trends from 2024 and emerging threats businesses should be aware of in 2025. According to the report, most ransomware claims in 2024 started with threat actors compromising perimeter security appliances (58%), like virtual private networks (VPNs) or firewalls. Remote desktop products were the second most exploited (18%) in ransomware attacks.
Ransomware cyber attack
“While ransomware is a serious concern for all businesses, these insights demonstrate that threat actors’ ransomware playbook hasn’t evolved all that much—they’re still going after the same tried and true technologies with many of the same methods,” commented Alok Ojha, Coalition’s Head of Products, Security. “This means that businesses can have a reliable playbook, too, and should focus on mitigating the riskiest security issues first to reduce the likelihood of ransomware or another cyber attack. Continuous attack surface monitoring to detect these technologies and mitigate possible vulnerabilities could mean the difference between a threat and an incident.”
Other key findings from the report
The total number of published software vulnerabilities will increase to over 45,000 in 2025, a rate of nearly 4,000 per month and a 15% jump over the first 10 months of 2024.
Across all ransomware claims, the most common initial access vectors (IAVs) were stolen credentials (47%) and software exploits (29%).
Vendors such as Fortinet®, Cisco®, SonicWall®, Palo Alto Networks®, and Microsoft® build the most commonly compromised products.
Exposed logins are an underappreciated driver of ransomware risk. Coalition detected over 5 million internet-exposed remote management solutions and tens of thousands of exposed login panels across the internet.
When applying for cyber insurance, most businesses (65%+) had at least one internet-exposed web login panel.
Crucial security risks
“This year’s report focuses on the most crucial security risks that under-resourced organisations should understand to better calibrate their defensive investments to bolster resilience,” said Daniel Woods, Senior Security Researcher at Coalition. “Calibration involves balancing security investment across vulnerabilities, misconfigurations, and threat intelligence while also responding to emerging threats, such as zero-day vulnerabilities exploited in the wild. That’s why Coalition issues Zero-Day Alerts to help businesses, especially SMBs with limited security resources, stay ahead of these vulnerabilities and reduce alert fatigue by prioritising those posing the greatest risk.”
Risk prioritisation for policyholders
Coalition employs artificial intelligence, honeypots, and human judgement to prioritise high-risk vulnerabilities based on their likelihood of exploitation. This risk prioritisation reduces alert fatigue for policyholders and helps them focus on the most critical risks. Policyholders received critical alerts for just 0.15% of vulnerabilities published in the first ten months of 2024, and 90% never received an alert at all. These timely notifications enabled Coalition customers to remediate over 32,000 vulnerabilities last year.
Coalition, the world's first Active Insurance provider designed to prevent digital risk before it strikes, has become the first cyber insurance provider in the UK to launch a service dedicated to recovering funds stolen by cyber attackers. The cyber insurer’s new UK ‘clawback’ service is designed to intercept funds in the banking system before an attacker can move them. The programme was recently proven successful with the recovery of £1.4m for a policyholder.
Cyber clawback service
Laura Stewart, Coalition’s UK Head of Claims, said, “As far as we are aware, we are the first cyber insurance provider in the UK to offer this sort of service to clawback money in a funds transfer fraud event.” “While we can’t guarantee that we will be successful in getting all of the stolen funds back every time, we’ve now established a process that will enable us to act immediately, which increases our chances of success.”
Communicating with banks
“While Coalition has been recovering stolen funds for US clients for some time now, the UK banking system is different: it moves faster, is harder to navigate, and UK banks are often more reluctant to communicate with third parties.” “That’s why we’ve teamed up with a financial crime law partner. This relationship and new process give us the ability to communicate with the banks quickly and forcefully.”
Cyber insurance cover
In the example mentioned above, attackers stole £1.4m in a sophisticated social engineering attack on a law firm in the south of England. The law firm had funds transfer fraud cyber insurance cover for up to £250,000, only a fraction of the total loss. By partnering with a national law firm that uses its knowledge of and relationships within the banking system, the Coalition team was able to help prevent the banks from moving the stolen funds and recover the entire £1.4m.
Add practical value
Tom Draper, Coalition’s Managing Director, UK, said, “We continue to add practical value to our Active Cyber Insurance product, helping protect SMEs from cyber events.” “Funds transfer fraud can be devastating for any business, and adding Coalition’s clawback service to the UK gives us another way to support our policyholders and brokers when their financial livelihoods are on the line.”
Coalition, the world's first Active Insurance provider designed to prevent digital risk before it strikes, released the 2023 edition of its Cyber Claims Report detailing the evolution of cyber trends. The report found that policyholders with even one unresolved critical vulnerability were 33% more likely to experience a claim. Additionally, policyholders — regardless of organisation size — who continued to use end-of-life software, products no longer supported by their original developers, were three times more likely to suffer from an incident.
Author's quote
“Threat actors are forever looking for targets with weak security controls or unprotected infrastructures - these are the paths of least resistance into a company’s network,” said Catherine Lyle, Coalition’s Head of Claims, adding, “Unfortunately, that’s why human inaction, such as not patching a publicised critical vulnerability or updating out-of-date software, is a high-risk factor for a cyber incident or cyber claim.”
Cyber Claims Report
The 2023 Cyber Claims Report also found that, in addition to human inaction, human error is an equally high risk driver. Phishing accounted for 76% of reported incidents—more than six times greater than the next-most popular attack technique. Overall phishing-related claims have increased by 29% from the beginning of 2022. Successful phishing frequently leads to funds transfer fraud (FTF) or business email compromise (BEC) events but is also the top path used to get into an organisation’s system for any purpose.
Critical recommendation
“It’s a straightforward but critical recommendation: setting up multi-factor authentication is one of the best ways to prevent attackers from getting into an organisation’s network because it provides the person protection even when security is not top of mind. For a majority of Coalition’s phishing-related cases, multi-factor authentication would have stopped access and prevented a claim,” continued Catherine Lyle.
Other key findings from the report include:
Overall claims frequency decreased by 17% from 2021 to 2022.
FTF frequency slightly decreased in 2022 after sharply rising by 23% in 2021. Similarly, FTF severity flattened in 2022 after a 68% surge.
When policyholders alerted Coalition to an FTF event, Coalition successfully recovered 66% of lost funds.
Ransomware claims frequency dropped 54% year-over-year (YoY).
Ransomware demands also decreased YoY from $1.2 million in 2021 to $1 million in 2022—a 17.5% drop.
In 2022, Coalition successfully negotiated ransom payments down for policyholders to an average of 27% of the initial demand.
Billions of security scans
This report aggregates claims and incident data from 2022, including the highest-profile claim events and cyber attacks that continue to pose risks to all businesses. By performing billions of security scans across the public internet, sending thousands of critical security alerts, and investigating cyber incidents, Coalition creates a picture of the industry landscape that helps empower organisations to understand their cyber risk better.