Full Report
Coalition, a cyber insurance and security company, has published the findings of its 2026 Cyber Claims Report, showing that initial ransomware demands in 2025 increased significantly, rising 47% year-on-year. Despite the sharp rise in demands from threat actors, Coalition’s data indicates that a record 86% of affected businesses refused to pay ransoms, suggesting that organisations are strengthening their resilience through improved backups and incident response strategies.
Analysis Summary
# Industry News: Coalition 2026 Report Signals Ransomware Resilience Despite Rising Demands
## Summary
Coalition’s 2026 Cyber Claims Report reveals a significant 47% year-on-year increase in initial ransomware demands during 2025. However, a record 86% of organizations refused to pay, signaling a pivotal shift in the "economics of ransomware" toward stronger defensive resilience and insurance-backed recovery.
## Key Details
- **Date:** March 6, 2026
- **Companies Involved:** Coalition (Cyber Insurance & Security)
- **Category:** Market Analysis / Industry Report
## The Story
The digital threat landscape in 2025 was defined by a paradox: threat actors grew more aggressive in their financial demands, yet organizations became less likely to capitulate. Coalition’s data shows that while ransomware remains the costliest claim category (averaging $269,000 per incident), businesses are increasingly opting to restore via backups and incident response protocols rather than paying extortionists.
While ransomware dominated headlines, "low-tech" social engineering remained the primary driver of loss. Business Email Compromise (BEC) and Funds Transfer Fraud (FTF) accounted for 58% of all incidents. Notably, 70% of ransomware claims now involve "dual-extortion" (encryption plus data theft), which doubles the cost of an incident compared to encryption-only attacks.
## Business Impact
### For the Companies Involved
- **Coalition:** Validates its "Active Insurance" model by reporting that 64% of claims were resolved with zero out-of-pocket loss for policyholders and $21.8M in stolen funds recovered.
### For Competitors
- **Insurance Benchmarking:** Increases pressure on traditional insurers to provide active security monitoring and recovery services rather than just passive indemnity.
### For Customers
- **Large Enterprises (>$100M revenue):** Face 5x higher claim frequency than smaller firms due to larger attack surfaces, though severity is declining due to better containment.
- **SMEs:** Benefit from the declining severity of BEC claims (down 28%), but remain vulnerable to FTF.
### For the Market
- **Economic Shift:** A record 86% "no-pay" rate threatens the ROI of ransomware gangs, potentially forcing a shift in attacker tactics away from volume encryption toward targeted data exfiltration.
## Technical Implications
- **Backup Integrity:** The surge in payment refusals highlights the mission-critical nature of immutable, offline backups.
- **Email Security:** With 52% of FTF originating from BEC, technical controls around email (MFA, DMARC, AI-driven phishing detection) remain the highest-priority defense.
- **Data Governance:** The dominance of dual-extortion (70%) necessitates better data classification and loss prevention (DLP) to minimize the leverage of stolen data.
## Strategic Analysis
- **Market Positioning:** Coalition is positioning itself as a defender-partner rather than a financial safety net, emphasizing its "Active Insurance" as a proactive risk-reduction tool.
- **Competitive Advantage:** Real-time fund recovery ($202k average per recovery) acts as a significant differentiator against standard insurance carriers.
- **Challenges:** As organizations get better at refusing ransomware payments, attackers are diversifying into more sophisticated BEC and FTF schemes that are harder to detect through technical means alone.
## Industry Reactions
- **Rob Jones (Coalition):** Notes a "turning point" where insurer support is helping defenders tip the scales against threat actors.
- **Market Sentiment:** Generally optimistic as global claim severity dropped by 19% ($116k average), despite a slight 3% rise in frequency.
## Future Outlook
- **Tactical Shifts:** Expect threat actors to pivot even harder toward data theft and BEC as encryption-based ransomware loses its profitability.
- **Regulatory Focus:** Increased government and insurance pressure to report incidents early, as data shows early reporting is the primary driver of successful fund recovery.
## For Security Professionals
- **Focus on the "Human Layer":** Technical defenses are working against ransomware, but BEC and social engineering are persistent and frequent (15% rise in BEC frequency).
- **Incident Response Matters:** The disparity in cost between large and small companies suggests that investment in "containment and response" is actively driving down claim severity.
- **Dual-Extortion Strategy:** Security teams must move beyond "can we restore?" to "can we prevent exfiltration?" as data theft is now the standard ransomware playbook.