
Active Insurance Provider Also Forecasts Over 45,000 Software Vulnerabilities in 2025
Coalition’s Cyber Threat Index 2025 Finds Most Ransomware Incidents Start with Compromised VPN Devices
Marisa Graves
Communications at Coalition
press@coalitioninc.com
Coalition, the world's first Active Insurance provider designed to prevent digital risk before it strikes, today published its Cyber Threat Index 2025, detailing insights on cybersecurity trends from 2024 and emerging threats businesses should be aware of in 2025. According to the report, most ransomware claims in 2024 started with threat actors compromising perimeter security appliances (58%), such as virtual private networks (VPNs) or firewalls. Remote desktop products were the second most exploited (18%) for ransomware attacks.
“While ransomware is a serious concern for all businesses, these insights demonstrate that threat actors’ ransomware playbook hasn’t evolved all that much—they’re still going after the same tried and true technologies with many of the same methods,” commented Alok Ojha, Coalition’s Head of Products, Security. “This means that businesses can have a reliable playbook, too, and should focus on mitigating the riskiest security issues first to reduce the likelihood of ransomware or another cyber attack. Continuous attack surface monitoring to detect these technologies and mitigate possible vulnerabilities could mean the difference between a threat and an incident.”
Other key findings from the report include:
- The total number of published software vulnerabilities will increase to over 45,000 in 2025, a rate of nearly 4,000 per month and a 15% jump over the first 10 months of 2024.
- Across all ransomware claims, the most common initial access vectors (IAVs) were stolen credentials (47%) and software exploits (29%). Vendors such as Fortinet®, Cisco®, SonicWall®, Palo Alto Networks®, and Microsoft® build the most commonly compromised products.
- Exposed logins are an underappreciated driver of ransomware risk. Coalition detected over 5 million internet-exposed remote management solutions and tens of thousands of exposed login panels across the internet. When applying for cyber insurance, most businesses (65%+) had at least one internet-exposed web login panel.
“This year’s report focuses on the most crucial security risks that under-resourced organizations should understand to better calibrate their defensive investments to bolster resilience,” said Daniel Woods, Senior Security Researcher at Coalition. “Calibration involves balancing security investment across vulnerabilities, misconfigurations, and threat intelligence while also responding to emerging threats, such as zero-day vulnerabilities exploited in the wild. That’s why Coalition issues Zero-Day Alerts to help businesses, especially SMBs with limited security resources, stay ahead of these vulnerabilities and reduce alert fatigue by prioritizing those posing the greatest risk.”
Coalition employs artificial intelligence, honeypots, and human judgment to prioritize high-risk vulnerabilities based on their likelihood of exploitation. This risk prioritization reduces alert fatigue for policyholders and helps them focus on the most critical risks. Policyholders received critical alerts for just 0.15% of vulnerabilities published in the first ten months of 2024, and 90% never received an alert at all. These timely notifications enabled Coalition customers to remediate over 32,000 vulnerabilities last year.
To read Coalition’s full findings and download the report, visit: https://web.coalitioninc.com/DLC-Cyber-Threat-Index-2025.html.
About Coalition
Coalition is the world's first Active Insurance provider designed to help prevent digital risk before it strikes. By combining comprehensive insurance coverage and cybersecurity tools, Coalition helps businesses manage and mitigate potential cyber attacks. Leveraging its relationships with leading global insurers and capacity providers, including Coalition Insurance Company, Coalition offers Active Insurance products to businesses in the United States, the United Kingdom, Canada, Australia, and Germany. Policyholders can receive automated cyber alerts and access expert advice and global third-party risk management tools through Coalition's cyber risk management platform, Coalition Control®.
Insurance products are offered by Coalition Insurance Solutions Inc. (“CIS”), a licensed insurance producer and surplus lines broker with its principal place of business in San Francisco, CA (Cal. license #0L76155), acting on behalf of a number of unaffiliated insurance companies and available on an admitted basis through Coalition Insurance Company (“CIC”) a licensed insurance underwriter (NAIC # 29530). Insurance products offered through CIS and CIC may not be available in all states. Complete license and carrier information is available here. CIS may receive compensation from an insurer or other intermediary in connection with the sale of insurance. All decisions regarding any insurance products referenced herein, including approval for coverage, premium, commission, and fees, will be made solely by the insurer underwriting the insurance under the insurer’s then-current criteria. All insurance products are governed by the terms, conditions, limitations, and exclusions set forth in the applicable insurance policy. Please see a copy of your policy for the full terms, conditions, and exclusions. Copyright © 2025. All rights reserved. Coalition and the Coalition logo are trademarks of Coalition, Inc. or its affiliates.
View source version on businesswire.com: https://www.businesswire.com/news/home/20250311684702/en/