At-Bay: Ransomware attacks up nearly 20% in 2024, mid-sized businesses hit the hardest
By Mia MacGregor
April 10 - (The Insurer) - Ransomware attacks rose nearly 20% in 2024, with severity increasing 13%, according to a new report from cyber insurtech At-Bay.
The 2025 InsurSec Report, which detailed new trends in cyberattacks and financial losses among businesses, noted that ransomware returned to 2021 levels, with the frequency of attacks increasing by 19% in 2024 versus 2023.
Mid-sized businesses generating between $25 million and $100 million in annual revenue were hit hardest, with ransomware claims jumping 46% year over year.
Manufacturers faced the highest claim frequency across all industries, nearly twice the average, followed by law firms, educational services and retailers.
Ransomware incidents stemming from third-party vendors or partners experienced losses up 72% to $241,000 on average. At-Bay attributed the increase to the damages that can occur from a supply chain incident.
The report also found that nearly 50 ransomware groups were active in 2024, a threefold increase from 2021.
At-Bay said that it believes this resulted in higher volatility in ransom demands and lower reliability in negotiations.
Remote access tools were the most common entry point for attackers, contributing to 80% of ransomware incidents. VPNs alone accounted for 66% of all ransomware attacks.
Overall claims frequency rose 16% in 2024, with larger companies experiencing the sharpest increases, according to the report.
Email remained the preferred initial attack vector, responsible for 43% of all claims.
Financial fraud was the most common type of cyber incident, representing 32% of claims, 83% of which began with a phishing email.
At-Bay noted that only 31% of its policyholders chose to pay ransoms in 2024, with the total amount of unpaid ransom demands reaching $146 million.
Among those who did pay, At-Bay said that the ransom was often negotiated down significantly: the average demand was $957,000, while the average payment was $317,000.
“Remote access tools like VPNs and RDP continue to attract a high level of attention from cybercriminals,” said Adam Tyra, chief information security officer for customers at At-Bay.
“This problem isn’t going away for mid-market businesses. They need to upgrade to safer alternatives or consider getting support with patching and configuration management to lower their risk from operating these tools.”
Related Articles
Coca Cola (KO) Q4 Earnings Preview: Look for the Upside in the AI Initiatives, not in the Revenue and the EPS
Coca-Cola (KO) enters its fourth-quarter 2025 earnings call tomorrow with significant momentum. However, a fundamental shift is occurring.
Warsh’s Fed Era Signals a Death Knell for QE, Jolting the $30 Trillion Treasury Market
With Warsh’s nomination, his past proposals for governing the Federal Reserve are being brought to the forefront. A central issue is the formulation of a new "1951 Accord" to restructure the relationship between the Fed and the Treasury. Analysts suggest such a move could impact the $30 trillion Tre
Amazon Stock Predictions for 2026 to 2030: Will They Exceed Expectations and Achieve Major Long-Term Goals?
TradingKey - As we head into 2026, many investors are questioning where Amazon (AMZN) fits into the technology world.
A Crash After a Surge: Why Silver Lost 40% in a Week?
TradingKey - Spot silver (XAGUSD) prices continue to decline. Silver plunged 20% on Thursday, breaking below $71 per ounce, with the sell-off intensifying on Friday as prices fell further below $64. Compared to the all-time high set on January 29, silver prices have retraced more than 40%, wiping out nearly all gains accumulated over the previous month.
