The Rising Tide of Cyber Threats: Key Insights from At-Bay’s 2025 InsurSec Report

Cybersecurity has transitioned from an IT concern to an existential business risk. The recent release of At-Bay’s 2025 InsurSec Report provides critical insights into the evolving threat landscape that every business owner and IT professional should take note of. As a seasoned IT professional with over three decades of experience, I’ve witnessed the evolution of cyber threats, but the data from this comprehensive report reveals concerning trends that deserve immediate attention.

Key Findings from the 2025 InsurSec Report

The report, which analyzes a full year of real-world claims data, presents several alarming statistics:

1. Overall claim frequency increased by 16% in 2024, with financial fraud continuing to be the most common type of cyberattack.
2. Email remains the primary attack vector, triggering 43% of all claims. A staggering 83% of financial fraud claims began with an email attack.
3. Direct ransomware attacks have returned to 2021 levels, increasing by 19% year-over-year. Mid-sized companies ($25M-$100M in revenue) were hit hardest with a 46% increase in frequency and 47% increase in severity.
4. Remote access tools were the initial entry point for 80% of direct ransomware claims, up from 63% the previous year.
5. Third-party risk continues to rise, with indirect ransomware claim frequency increasing by 43%.

(Indexed Claim Frequency by Year – Source: At-Bay’s InsurSec Report)

 The Growing Ransomware Threat

The report highlights a concerning trend in ransomware attacks. The average ransom demand in 2024 was nearly $1 million, with the average payment (when paid) being $317,000. Even more troubling, mid-sized companies saw direct ransomware severity increase by 47% year-over-year.

The manufacturing sector was particularly vulnerable, experiencing nearly twice the claim frequency compared to other industries. This appears linked to lower adoption of security controls compared to more regulated industries like healthcare and financial services.

(Average Claim Severity by Industry, 2024 – Source: At-Bay’s InsurSec Report)

 The Critical Role of Data Backups

While the report touches on many aspects of cybersecurity, I want to emphasize the crucial role of robust backup solutions in mitigating ransomware damage. At-Bay noted in previous research that while 90% of insureds reported having offline backups in place, only about 25% were able to use them effectively to recover from cyber incidents.

This “backup gap” represents a significant vulnerability. Having backups is not enough – they must be:

• Properly configured
• Routinely tested
• Secured from ransomware attacks themselves
• Part of a comprehensive recovery strategy

Organizations that properly implement and maintain their backup solutions show significantly better outcomes when facing ransomware attacks. This isn’t just about technical configuration – it requires ongoing management attention and regular verification.

 Third-Party Risks on the Rise

Another concerning trend is the increase in third-party incidents, particularly “indirect ransomware” where an organization is impacted by an attack on a vendor or partner. These incidents increased by 43% in 2024, with the CDK Global outage affecting auto dealerships being a prime example.

This highlights the need for comprehensive vendor risk management and contingency planning for critical business services and software.

 Financial Fraud Remains Prevalent

Financial fraud continues to be the most common type of cyber incident, with email being the entry vector for 83% of these claims. The average amount stolen rose to $268,000 in 2024, with the most severe case resulting in a loss of $5.2 million.

Attackers are increasingly using generative AI to craft more convincing phishing emails, making traditional security awareness training less effective against sophisticated social engineering.

 How CinchOps Can Secure Your Business

In light of these findings, your business needs a comprehensive security approach that addresses all these threat vectors. At CinchOps, we leverage our decades of experience to provide small and medium businesses with enterprise-grade protection tailored to your specific needs and budget.

Our approach includes:

1. Comprehensive security assessments that identify vulnerabilities in your technology environment before attackers do
2. Managed backup solutions that are properly configured, regularly tested, and designed to enable rapid recovery
3. Multi-layered email security that goes beyond standard filtering to detect sophisticated fraud attempts
4. Vendor risk management to help identify and mitigate third-party security risks
5. Endpoint Detection and Response (EDR) to stop ransomware before it can encrypt your data
6. 24/7 security monitoring to detect and respond to threats before they become breaches
7. Cybersecurity awareness training customized for your team to recognize and report sophisticated attacks

The At-Bay report makes it clear: the security controls you choose to deploy have a direct impact on your risk profile. Companies with properly selected, configured, and maintained security controls experienced significantly lower losses.

Don’t wait until after an incident to implement proper security measures. Contact CinchOps today for a comprehensive security assessment and let our experts help secure your business against the evolving threat landscape.

Remember, effective cybersecurity isn’t about deploying every possible control – it’s about implementing the right controls properly. Our team has the experience to guide you through this process and provide ongoing support to keep your business secure.

 Discover More 

Discover more about our enterprise-grade and business protecting cybersecurity services: CinchOps Cybersecurity
Discover related topics: 2025 Verizon Data Breach Investigation Report: Key Cybersecurity Trends for West Houston Businesses SMBs
For Additional Information on this topic: Financial Fraud, With a Third-Party Twist, Dominates Cyber Claims

FREE CYBERSECURITY ASSESSMENT