Cyber insurer Coalition sees ransomware growing: Report

The majority of ransomware claims in 2024 began with threat actors compromising perimeter security appliances, 58%, or remote desktop software, 18%, according to a report Tuesday from cyber insurer Coalition Inc.

The most common “initial access vectors” across all ransomware claims were stolen credentials, 47%, and software exploits, 29%, according to Coalition’s Cyber Threat Index.

Most proactive alerts sent by Coalition in 2024 concerned configuration issues, such as exposed login panels, exposed services, and risky technologies, the report said.

Exposed logins are an “underappreciated” driver of ransomware risk, the report said. Coalition detected over 5 million internet-exposed remote management solutions and tens of thousands of exposed login panels across the internet.

Small and medium-sized businesses remain especially vulnerable to specific cyberattack types, such as ransomware, Coalition said. Cybersecurity concerns are a top threat for 60% of small and medium-sized businesses owners, yet just 23% say they are very prepared to handle an attack, according to the U.S. Chamber of Commerce Small Business Index, Coalition said.

Looking forward, Coalition said it forecasts that more than 45,000 software vulnerabilities will be published in 2025, a rate of nearly 4,000 per month and a 15% jump over the first 10 months of 2024.