On April 23, 2026, the Consortium of Cybersecurity Clinics hosted its biannual event, held each semester, called the “Clinic of Clinics.” This event gives students in a school’s cybersecurity clinic a chance to connect with peers worldwide and hear from experts in their fields. The 90-minute session featured a keynote presentation from Ian Mandell, Claims Counsel at Coalition, Inc. Ian led a lively discussion with participants, sharing his insights and experience in response to questions from the community. The session concluded with peer networking for clinic students and alumni, allowing them to connect and share ideas with students from other clinics.
Guest Speaker: Ian Mandell, Claims Counsel at Coalition, Inc.
Ian Mandell shared with students that his own path into cybersecurity was not straightforward. Originally majoring in Middle Eastern Studies and Security Studies, he emphasized that even a winding path can lead you to the right place with dedication and passion.
Insights from Mandell’s Presentation
Drawing from the cyber insurance claims data Ian shared, he discussed some of today’s most common cyber threats, including Business Email Compromise (BEC), Funds Transfer Fraud (FTF), and ransomware. According to data from Ian’s presentation, Coalition’s global cyber insurance claims are broken down as follows:
- 31% Business Email Compromise (BEC),
- 27% Funds Transfer Fraud (FTF), and
- 21% Ransomware.
Industries with more customer and vendor touchpoints generally experience a higher frequency of claims, while more data-intensive industries typically face higher losses per incident.
Key takeaways from Ian’s presentation include:
- Business Email Compromise (BEC): Ian explained that these attacks can begin as small incidents but become footholds for much larger breaches, making early detection critical.
- Funds Transfer Fraud (FTF) can result from various tactics, such as cybercriminals impersonating a bank representative to gain access to accounts. Ian emphasized safeguards such as multifactor authentication (MFA) and verifying requests before sharing sensitive information over the phone.
- In these FTF cases, time is critical. Once funds have been transferred, the victim may have as little as 24 hours to attempt to recover stolen funds before the likelihood of recovery decreases significantly.
- Coalition’s data shows businesses now refuse ransom demands 86% of the time. While ransomware demands have increased, organizations are better able to avoid paying them for many reasons, such as stronger backup practices. However, ransomware incidents still cost organizations time and money, and there is no guarantee that cybercriminals will not retain stolen data; negotiation may still be necessary to assess the threat level.
- “Dual extortion” ransomware attacks are becoming more common, with threat actors both encrypting systems and threatening to publicly release stolen data. Immediate containment and isolation of affected systems can help reduce costs and prevent a total system shutdown.
- About 59% of ransomware attacks exploit VPN vulnerabilities, including commonly used platforms such as SonicWall, Fortinet, and Cisco.
- Beyond the technical aspects, Ian highlighted the human element involved in ransomware negotiations, including analyzing cybercriminal groups’ reputations based on whether they keep their end of the deal. Some of these groups operate customer-service-style support lines for victims.
Q&A Session
Following the presentation, the floor opened to a spirited dialogue between our students, alumni, and clinic instructors. Though the clock cut the Q&A short, the following community questions and responses from Ian* capture the core of the discussion.
Q: Do small business owners feel overwhelmed by the excessive recommendations given to them? And if so, how do you ease that tension?
A: Everything they worked so hard to create could just evaporate overnight because of one cyber criminal. Their data is taken, and they think it is all over. We bring in excellent vendors who can help take the burden off their shoulders. Once the initial shock passes, they begin to see the work being done in a timely manner, which lightens the burden on these small organizations.
Q: For BEC and FTF, are you seeing more threat actors using AI or deepfakes to pull these off, or is social engineering still the primary attack vector?
A: We are seeing a lot of social engineering right now, but trust me, we are all concerned about AI moving forward. We’re seeing stories about AI finding vulnerabilities and bugs, but it can work both ways. We’re also concerned about how effectively AI can mimic people, which presents a challenge when verifying if we are talking to a real person or AI.
* Please note that the questions and answers have been paraphrased for the purpose of this recap. Ian’s views are his own, and informed by his personal and professional experience, but are not intended to represent Coalition, Inc.
Breakout Sessions
The session concluded with a lively peer networking session for clinic students and alumni. These exchanges offered a rare glimpse into the diverse lives of peers at other clinics. It became clear that Ian’s non-traditional path into cybersecurity wasn’t an outlier; it was a theme. Many students with varied backgrounds shared how the clinic served as an essential entry point to the field of cyber.
Another powerful truth emerged: these aren’t just classmates. They are future colleagues. The bonds formed here are the seeds of a professional network that will shape the cybersecurity workforce for years to come.
Final Reflections
The Spring 2026 “Clinic of Clinics” pulled back the curtain on a critical, yet often-unseen, pillar of the industry: the intersection of incident response, policy, and cyber insurance. By leveraging front-line data and his deep expertise in law, policy and cyber, Ian demonstrated that cybersecurity for small organizations is about more than just defense; it’s about resilience.
While offensive security often grabs the headlines, the real-world impact of a cyber event is managed through precise reporting, clear client communication, and the strategic application of insurance data. For the next generation of practitioners, mastering these “human-centric” professional skills isn’t just an add-on. It’s what will allow them to lead the industry and protect the communities that need it most.
About the Consortium:
The Consortium of Cybersecurity Clinics is a global network of higher-education-based cybersecurity clinics and allies working to advance cybersecurity education for public good. We serve as a forum for faculty, students, trainers, and advocates to network and share knowledge, expand the reach of cybersecurity clinics, and lower the barriers for other institutions of higher education to successfully establish their own clinics.