Resurgence of Ransomware in 2024
At-Bay, a leading cyber insurance and security firm, has released its 2025 InsurSec Report, shedding light on significant shifts within the cyber threat landscape. According to the report, 2024 saw a notable resurgence in ransomware activity, a trend the company attributes to increased exploitation of remote access tools, especially VPNs. These tools were implicated in four out of five cyber attacks, underscoring their vulnerability.
Ransomware incidents surged by 19% last year, reaching levels not seen since 2021. The financial impact was substantial, with the severity of these attacks rising by 13%. Companies with an annual revenue between $25 million and $100 million were particularly affected, facing a staggering 46% increase in ransomware claims.
Impact of Supply Chain Breaches
A growing concern highlighted in the report is the ripple effect of supply chain breaches. The number of businesses impacted by attacks targeting their vendors or partners increased by 43%, with the average cost of such third-party incidents escalating by 72% to $241,000. At-Bay emphasizes that the intricate network of digital dependencies has expanded the reach—and the damage potential—of ransomware attacks.
The report identifies nearly 50 ransomware groups linked to attacks in 2024, a threefold increase from 2021. This proliferation of threat actors has introduced greater unpredictability in ransom demands and made negotiation outcomes less consistent.
Remote Access Vulnerabilities
The vulnerabilities inherent in remote access tools were a primary focus of the report. VPNs were responsible for two-thirds of all ransomware breaches, highlighting a critical weak point in corporate security systems. While these tools are often overlooked, they have become a significant target for cybercriminals.
Cyber Insurance Trends
The rise in ransomware incidents mirrored an overall increase in cyber insurance claims. Claim frequency rose by 16% across all business sizes, with larger companies experiencing the steepest climb. Although general claim severity dropped by 5%, ransomware-related losses continued to grow.
Email-based attacks remain a persistent threat, accounting for 43% of all claims. Financial fraud emerged as the most common incident type in 2024, making up 32% of all claims, with 83% initiated through malicious emails.
Ransom Payment Trends
Despite the surge in attacks, a majority of At-Bay clients opted against paying ransoms. Only 31% of policyholders chose to settle, leaving $146 million in ransom demands unpaid. In successful negotiations, At-Bay managed to reduce the average ransom demand from $957,000 to $317,000 and helped recover $49 million in stolen funds related to fraud cases.
Conclusions and Recommendations
The 2025 InsurSec Report from At-Bay highlights the increasing complexity of cyber risks but also underscores the importance of robust security-insurance partnerships. As the threat landscape continues to evolve, the findings provide both a cautionary tale and a strategic roadmap for businesses aiming to bolster their digital resilience.
Adam Tyra, Chief Information Security Officer for Customers at At-Bay, stated, “Remote access tools like VPNs and RDP remain a prominent focus for cybercriminals. In 2024, they were linked to 80% of ransomware attacks, up from 63% the prior year. VPNs alone played a role in two-thirds of ransomware incidents. Mid-market businesses need to either upgrade to safer alternatives or seek support for patching and configuration management to mitigate risks associated with these tools.”
News
