
Introduction to Coalition’s Cyber Threat Index for 2025
Coalition, a prominent Active Insurance provider specializing in digital risk management, has released its comprehensive Cyber Threat Index for 2025. This report delves into the cybersecurity trends observed in 2024 and identifies emerging threats that businesses need to be vigilant about in 2025.
Ransomware Trends and Vulnerabilities
The report finds that in 2024 the majority of ransomware claims were linked to vulnerabilities in perimeter security devices, such as virtual private networks (VPNs) and firewalls, which contributed to 58% of ransomware incidents. Remote desktop services were the second most frequent attack vector, accounting for 18% of claims.
Alok Ojha, Coalition’s Head of Products, Security, remarked, “While ransomware remains a grave concern for all enterprises, these findings indicate that threat actors’ methods haven’t significantly evolved; they continue to exploit the same technologies using familiar tactics. Therefore, businesses can develop a reliable defense strategy by addressing the most critical security vulnerabilities first, effectively reducing the risk of ransomware or other cyber attacks. Continuous monitoring of attack surfaces to identify and mitigate potential vulnerabilities can mean the difference between a mere threat and a full-blown incident.”
Future Predictions and Emerging Threats
Looking ahead to 2025, the report forecasts that the number of identified software vulnerabilities will surpass 45,000, reflecting a nearly 15% increase from the first ten months of 2024. This translates to almost 4,000 new vulnerabilities emerging each month.
In the context of ransomware claims, the most common initial access vectors (IAVs) were stolen credentials, which accounted for 47% of incidents, followed by software exploits at 29%. Frequently targeted products include those from vendors such as Fortinet, Cisco, SonicWall, Palo Alto Networks, and Microsoft.
Exposed Login Credentials and Mitigation Strategies
The report underscores the escalating risk posed by exposed login credentials. Coalition discovered over 5 million remote management solutions and numerous vulnerable login panels that were openly accessible via the internet. Moreover, more than 65% of companies applying for cyber insurance had at least one exposed login panel.
To mitigate these risks, Coalition employs a blend of artificial intelligence, honeypots, and human expertise to prioritize vulnerabilities based on their exploitation probability. This strategy helps reduce alert fatigue among policyholders, enabling them to focus on the most critical threats. Remarkably, only 0.15% of vulnerabilities identified in the first ten months of 2024 resulted in critical alerts, with 90% not triggering any alerts. Through this proactive approach, Coalition policyholders were able to address over 32,000 vulnerabilities in 2024.
Conclusion and Strategic Recommendations
“This year’s report emphasizes the most vital security risks that under-resourced organizations should comprehend to better allocate their defensive investments and enhance resilience,” stated Daniel Woods, Senior Security Researcher at Coalition. “Effective calibration involves balancing security investment across vulnerabilities, misconfigurations, and threat intelligence while also responding to emerging threats, such as zero-day vulnerabilities actively exploited in the wild. Coalition’s issuance of Zero-Day Alerts assists businesses, particularly SMBs with limited security resources, in staying ahead of these vulnerabilities and reducing alert fatigue by prioritizing those posing the greatest risk.”