Live Webinar 11/20: SMB Cyber Survival Guide 2025

Cyber Claims Update: ransomware levels off, risks persist for SMBs

Blog Post: 2022 Cyber Claims Report Mid-year update

Cyber incidents have become an inevitable cost of doing business in a digital economy, but they don’t have to be business-ending events. At Coalition, we help businesses prevent an incident from becoming a disaster.

The cyber landscape has shifted again, with once-dominant ransomware claims falling while others rise in frequency and severity. Our 2022 Cyber Claims Report: Mid-year Update highlights the fluid nature of digital risks, and how risk transference is a vital part of staying one step ahead of threat actors.

This report is based on our dataset built from the 160,000 (and growing) businesses we protect. Our goal is to help brokers educate their clients on how to reduce risk exposure, and demonstrate to their SMB clients why Active Insurance is a better model of protection for the fast-moving nature of digital risks.

Keep reading to dive into our new research findings and learn about the key cyber incident trends impacting organizations of all sizes.

Small businesses: Can you afford an incident? 

While Coalition policyholders experience dramatically fewer claims than the broader market, small businesses remain especially vulnerable to cyber attacks.

Cyber insurance can be the deciding factor between a business surviving a cyber attack or being forced to close. For small businesses, the average cost of a claim was $139,000, a staggering amount for any business to pay.

While many small business owners don’t see themselves as targets, threat actors will always go after the lowest-hanging fruit before highly resourced and heavily defended organizations. For example, if your business has a known vulnerability left unpatched, a threat actor can take advantage of and exploit it, often through an automated attack. It is crucial for small businesses to take the steps to decrease their risk and -and ensure that they are not the lowest hanging fruit.

Small businesses must ask themselves: Can your business survive a cyber attack and afford the high out-of-pocket cost to recover? 

Threat actors continue to exploit the human element

Employees are more aware than ever of cyber attacks, but many people still aren’t practicing proper cyber hygiene to mitigate these digital threats. Because of this, phishing attacks are easy to execute (and easier to overlook), and can lead to costly incidents.

According to our new report, phishing accounted for over half of reported claims and can often lead directly to funds transfer fraud (FTF) claims. Threat actors trick employees into making a seemingly legitimate business payment and then redirect those payments to their own accounts. FTF claims are tricky to remediate due to the very short window in which they must be discovered and reported.

Historically, due to the human element and email tools companies use, threat actors have found email notoriously easy to exploit. Implementing simple proactive security controls such as multi-factor authentication (MFA) can easily prevent these attacks from occurring in the first place. Organizations that understand these risks implement security controls such as MFA designed to help secure email tools, minimize exposure, and protect employees.

Other key findings highlight the fluid nature of digital risks

While 2022 has brought a decrease in cyber claims (most notably ransomware claims) it remains to be seen whether this is a true downward trend or if claims are simply returning to the baseline after a dramatic spike starting in 2020. 

In addition to exploiting human error, we continue to see threat actors capitalize on risky technologies, such as on-premises Microsoft Exchange server. Having an unpatched, on-premise version of Exchange increases the change of a claim for small businesses by a staggering 118%.

The mid-year shifts in our most recent claims data highlight the fluid nature of digital risks. Ransomware claims have decreased, but we anticipate cyber criminals will adapt and find new ways to extort victims. To stay ahead of the next wave of risks, organizations must stay proactive and implement layers of procedure, security controls, and, ideally, purchase cyber insurance.

Cyber is always evolving; risk transference matters

Coalition's mission to deliver security for all means we are focused on protecting businesses of all sizes and giving them peace of mind that they could withstand a cyber incident — helping them to not be low-hanging fruit that entices threat actors.

We hope that this report, combined with consultative tools such as our personalized Cyber Risk Assessments, will help brokers have meaningful risk management conversations with their SMB clients. As a trusted risk advisor, it’s your role to educate your clients on why they can’t afford not to buy cyber insurance.

Recovery costs can multiply quickly, including legal, technical, forensics, and business interruption expenses — cyber insurance can be customized for an organization’s risk exposure and business needs.

We encourage our broker partners reading this to talk to their SMB clients about the fluid nature of digital risks and remind them that anyone can be a target. Cybersecurity is a team sport; we’re dedicated to playing alongside our policyholders and brokers as the game continues to change.

Download the full 2022 Cyber Claims Report: Mid-year Update now to see all the key insights and learn ways you can help reduce exposure to cyber threats.