Introduction to Coalition’s Cyber Threat Index 2025
Coalition, a leading provider of Active Insurance specializing in the management of digital risks, has released its comprehensive Cyber Threat Index for 2025. This report offers a detailed analysis of cybersecurity trends observed in 2024 and sheds light on emerging threats that businesses must prepare for in 2025.
Ransomware: A Persistent Threat
One significant insight from the report is that the majority of ransomware claims in 2024, 58%, were linked to vulnerabilities in perimeter security devices, including virtual private networks (VPNs) and firewalls. Remote desktop services emerged as the second most common attack vector, responsible for 18% of claims.
Alok Ojha, Coalition’s Head of Products, Security, noted, “Although ransomware poses a serious threat to all businesses, it is evident that threat actors’ strategies haven’t significantly evolved. They continue to target well-known technologies using familiar methods. Businesses can also rely on a consistent playbook, focusing on mitigating the most significant security vulnerabilities to reduce the likelihood of ransomware or other cyber attacks. Continuous monitoring of attack surfaces to detect these technologies and address potential vulnerabilities can be the key factor between a mere threat and an actual incident.”
Vulnerability Landscape: Looking Forward to 2025
Forecasts for 2025 suggest that the number of identified software vulnerabilities will surpass 45,000, an approximately 15% increase from the first ten months of 2024, or nearly 4,000 new vulnerabilities each month.
As for ransomware claims, the most frequent initial access vectors (IAVs) were stolen credentials, accounting for 47% of incidents, followed by software exploits at 29%. Products from vendors such as Fortinet, Cisco, SonicWall, Palo Alto Networks, and Microsoft were commonly targeted.
The Threat of Exposed Credentials
The report highlights the escalating risk posed by exposed login credentials. Coalition identified over 5 million remote management solutions and thousands of vulnerable login panels openly exposed to the internet. Moreover, more than 65% of companies applying for cyber insurance had at least one exposed login panel.
To combat these risks, Coalition employs a combination of artificial intelligence, honeypots, and human expertise to prioritize vulnerabilities based on their likelihood of exploitation. This strategy helps reduce alert fatigue among policyholders, enabling them to focus on the most critical threats.
Notably, only 0.15% of vulnerabilities recorded in the first ten months of 2024 resulted in critical alerts, with 90% of vulnerabilities not triggering any alerts. Thanks to this proactive strategy, Coalition policyholders successfully addressed over 32,000 vulnerabilities in 2024.
Guidance for Under-Resourced Organizations
Daniel Woods, Senior Security Researcher at Coalition, emphasized, “This year’s report zeroes in on the essential security risks that under-resourced organizations should comprehend to optimize their defensive investments and enhance resilience. Calibration requires balancing security investment across vulnerabilities, misconfigurations, and threat intelligence while also responding to emerging threats, such as zero-day vulnerabilities exploited in the wild. Coalition delivers Zero-Day Alerts to assist businesses, especially SMBs with limited security resources, in staying ahead of these vulnerabilities and minimizing alert fatigue by prioritizing those posing the greatest risk.”
