A report from KnowBe4 delves into the relationship between cybersecurity and insurance as digital infrastructure grows increasingly intertwined into business operations. The report highlights that the average cost of a data breach in 2024 was $4.88 million, with some variation depending on region — the United States, for instance, typically saw higher costs. Among small and medium-sized enterprises (SMEs), 97% of cyber insurance claims resulted from criminal activities. Within large organizations, cyber insurance claims caused by criminal activity were at 86%.

The leading causes of loss were ransomware and business email compromise (BEC). These attacks accounted for 53% of claims more than $1,000 between 2019 and 2023. The most common attack vectors to accomplish these breaches included social engineering and phishing (44%), cloud misconfiguration (12%), malicious insider actions (7%), physical security compromise (6%), and data loss/lost or stolen devices (6%). In total, human risk comprised 75% of data breaches. 

According to the report, businesses across the globe now consider cyber incidents to be the greatest risk, exceeding concerns such as supply chain disruptions or natural disasters.