Listen to this Post
In the ever-evolving landscape of cybersecurity, email-based attacks have emerged as one of the most significant threats to businesses globally. According to Coalitionās “2025 Cyber Claims Report” released on May 7, email attacks, including business email compromise (BEC) and funds transfer fraud (FTF), accounted for a staggering 60% of all claims in 2024. This alarming trend reveals the growing vulnerability of organizations to social engineering tactics and the escalating costs associated with cyber incidents.
The report provides a detailed analysis of the cyber-insurance landscape, shedding light on how email-based attacks are not only increasing in frequency but also in severity. While ransomware continues to be a significant threat, BEC and FTF attacks have become the primary drivers of financial losses, causing major disruptions to businesses worldwide. In this article, we explore the impact of these attacks, the rise in associated mitigation costs, and the strategies employed by organizations to counter these ever-present threats.
The Rising Tide of Email-Based Attacks
In 2024, business email compromise and funds transfer fraud made up 60% of all cyber-insurance claims. BEC incidents, in particular, saw a 23% increase in severity, with organizations facing an average loss of \$35,000. In comparison, the average loss for ransomware attacks was considerably higher at \$292,000. Despite ransomwareās higher costs, email-based attacks remain pervasive, continuing to impact organizations both in the US, the UK, Canada, and Australia.
The report further highlights an encouraging trend: a 7% reduction in ransomware claims severity and a 3% decrease in claims frequency. In contrast, FTF claims saw a significant drop in severity, plummeting by 46%, reducing average losses to \$185,000. Even so, the overall threat landscape remains a cause for concern as financially motivated attackers develop increasingly sophisticated tactics to exploit new vulnerabilities.
The Cost of Mitigating Email-Based Attacks
BEC attacks have consistently dominated the cyber-claims space for the last three years. Once cybercriminals gain access to business email accounts, they can launch various malicious activities, such as stealing sensitive data, compromising additional accounts, or executing fraudulent fund transfers. Notably, 29% of BEC attacks also triggered FTF incidents, with average losses of \$106,000.
The cost of responding to and mitigating BEC incidents is rising. Legal expenses, incident response services, and the involvement of data mining and notification services have significantly increased the cost of handling these attacks. Chris Hendricks, head of Coalition Incident Response, notes that while Coalition works with vendors to negotiate favorable rates for policyholders, the broader economic climate is driving up the price of necessary response services.
Positive Developments Amid Challenges
Despite the growing costs of dealing with email-based attacks, there have been positive developments highlighted in the report. One such example involves the recovery of \$31 million in stolen funds. In one instance, a distributor was tricked into wiring \$2.1 million to a fraudster who had spoofed the email address of the companyās landlord. Thanks to swift action by Coalition and the involvement of law enforcement, the majority of the stolen funds were recovered.
Additionally, Coalitionās proactive approach to issuing security alerts and addressing vulnerabilities helped mitigate over 32,000 security issues, including zero-day vulnerabilities and software nearing end-of-life.
What Undercode Says:
Email-based attacks continue to dominate the cyber-claim landscape, with BEC and FTF being the primary contributors to financial losses in 2024. While ransomware claims remain costly, the growing frequency of email-based attacks indicates a shift in the tactics of cybercriminals. These attacks, often facilitated through social engineering, have devastating consequences, highlighting the importance of having strong cybersecurity measures in place.
The rise in BEC-related claims severity can be attributed to the increasing costs associated with incident response. Legal fees, notification services, and data mining efforts all contribute to escalating mitigation costs. However, organizations that quickly report suspicious activities and involve the proper authorities are often able to recover stolen funds, as demonstrated by Coalitionās recovery efforts in the past year.
As cybercriminals evolve their methods, organizations must focus on implementing preventative measures such as multifactor authentication and ongoing security awareness training. The fact that BEC and FTF incidents have remained the dominant threats, despite the advent of new vulnerabilities, signals that email security remains a crucial area of concern for businesses across industries.
In conclusion, businesses must recognize the growing importance of email security, especially as attacks become more sophisticated. Organizations should not only adopt the latest technological defenses but also focus on training employees to recognize social engineering tactics. The financial and reputational costs of these attacks can be devastating, making it essential to take proactive steps toward cybersecurity.
Fact Checker Results:
- Email-based attacks remain the leading cause of cyber-insurance claims, according to the Coalitionās 2025 Cyber Claims Report.
- Business email compromise and funds transfer fraud together accounted for 60% of claims, with a 23% increase in the severity of BEC attacks.
- Despite the rise in claims severity, there were positive recovery outcomes, including the recovery of \$31 million in stolen funds.
Prediction:
As cyber threats continue to evolve, the frequency and severity of email-based attacks are expected to increase in the coming years. With cybercriminals continually refining their tactics, organizations will need to implement more robust cybersecurity measures and invest in employee training to mitigate the risk of falling victim to these attacks. Additionally, as the cost of mitigation services rises, businesses will need to prioritize cost-effective incident response strategies to stay ahead of the curve in the battle against cybercrime.
References:
Reported By: www.darkreading.com
Extra Source Hub:
https://www.medium.com
Wikipedia
Undercode AI
Image Source:
Unsplash
Undercode AI DI v2
