Estimated reading time: 5 minutes
VPNs from Cisco and Citrix pose the highest ransomware risk, while email-related cyber incidents jumped 30% last year, according to At-Bay’s 2025 InsurSec Rankings Report. The annual study, based on more than 100,000 policy years of claims data, shows that email and remote access together accounted for 90% of cyber insurance claims in 2024.
The report underscores how attackers continue to outpace traditional security defenses, heightening exposure for insured businesses and reshaping the cyber insurance landscape.
Email and Remote Access Drive Most Cyber Claims
At-Bay’s analysis found that email was the initial entry point in 43% of cyber incidents in 2024. Remote access tools were involved in 80% of ransomware attacks, with VPN devices playing a role in the majority of those cases.
“Email fraud is now one of the biggest drivers of losses,” said Adam Tyra, CISO for Customers at At-Bay. “Most security tools still focus on phishing links and malware, but our data shows they’re failing to catch AI-driven fraud emails that look legitimate.”
The findings suggest a cyber landscape in which even well-defended organizations face growing risks from sophisticated, automated attack campaigns.
Email Attacks Surge as Fraud Outpaces Phishing
Email-based attacks rose 30% year-over-year in 2024, marking a 3.5X increase since 2021. Manufacturing was hit hardest, with claims frequency up 62%, driven by attackers exploiting global supply chains and complex vendor networks.
The average financial fraud loss reached $286,000, with some cases exceeding $5 million. Larger companies with revenues between $100 million and $500 million were more than three times as likely to experience an email claim compared to smaller firms.
Sophos Tops Email Security Rankings; Google Workspace Still Leads Providers
At-Bay’s email security rankings show Sophos rising to the top for the first time, outperforming major competitors like Proofpoint and Mimecast. Despite this, most email security vendors saw increased claim rates.
Google Workspace maintained its lead among email service providers, but even its customers faced rising attacks. Claims frequency for Google Workspace users tripled year-over-year, while Microsoft 365 users saw a 65% increase.
At-Bay’s research attributes this spike to AI-powered financial fraud that evades rule-based email filtering. “Nearly every email security solution performed worse in 2024,” the report states. “Providers must pivot to fraud-specific detection.”
Cisco and Citrix VPNs Linked to Highest Ransomware Risk
VPNs designed to protect remote access are now among the riskiest technologies for ransomware, according to At-Bay’s claims data. Organizations using Cisco ASA SSL VPN or Citrix SSL VPN were 6.8 times more likely to fall victim to a ransomware attack than businesses without a VPN.
Self-managed, on-premise VPNs pose the greatest threat. Companies using them faced 3.7 times higher risk than those using cloud-based VPNs or none at all.
In contrast, businesses using Secure Access Service Edge (SASE) tools were largely absent from ransomware claims. SASE solutions route connections through the cloud, eliminating exposed VPN entry points and offering centralized patching.
Get The Cyber Insurance News Upload Delivered
Subscribe to our newsletter!
Managed Detection and Response Emerges as Key Defense
The report highlights Managed Detection and Response (MDR) as the most effective safeguard against ransomware encryption. In many ransomware cases, At-Bay MDR teams contained active threats within 25 minutes, preventing full data encryption and loss.
“Our data shows that the only control consistently stopping ransomware is professionally managed detection and response,” said Tyra. “Human expertise paired with automation remains the strongest defense.”
At-Bay recommends businesses integrate MDR or Managed EDR (Endpoint Detection and Response) to detect and contain attacks early. According to the report, 90% of claims could have been prevented through MDR coverage.
AI Fraud and the Future of Email Security
Traditional Secure Email Gateways (SEGs) are struggling to keep pace with AI-generated email fraud. Attackers now impersonate finance staff or vendors by using near-identical domains and natural-language patterns.
At-Bay’s testing revealed that most SEGs missed nearly all fraud emails, while newer AI-based tools performed better. The company’s proprietary Fraud Defense platform leverages real-world claims data and large language models to detect these subtle threats across Microsoft 365 and Google Workspace environments.
Watch Our Podcast On Identity Governance and Email Security With Bojan Simic, HYPR CEO
Email and VPN Risks Shape Cyber Insurance Outlook
The 2025 InsurSec Rankings Report underscores how ransomware and email fraud are reshaping the cyber insurance market for ransomware. Insurers like At-Bay are adapting underwriting criteria to factor in remote access risks, MDR deployment, and the specific products companies use.
By linking claims data to specific technologies, At-Bay’s InsurSec platform provides brokers and policyholders with empirical insights into which tools reduce or increase risk exposure.
“With attackers moving faster than ever, risk visibility and managed defense are now non-negotiable,” the report concludes.
Conclusion: A Call for Proactive Security Integration
At-Bay’s findings paint a picture of accelerating cyber risk driven by aging defenses and advanced adversaries. Businesses can’t eliminate email or remote access. Still, they can mitigate exposure through managed security, AI-driven detection, and modern cloud-based tools.
As ransomware and email fraud evolve, the connection between ransomware cyber insurance and real-time threat intelligence will become increasingly critical to protecting enterprises from catastrophic loss.
Related Cyber Insurance Posts
