- Ransomware is the biggest loss driver, accounting for 60% of the value of large cyber claims (>€1mn), while threats posed by supply chains, privacy regulation and social engineering require attention, especially as an uptick in loss activity is expected from Black Friday onwards.
- Despite the increasing level of attacks, analysis of Allianz Commercial cyber claims shows severity is down by 50% and large claims frequency by 30% during H1 2025 to date, driven by larger companies’ elevated detection and response capabilities.
- However, the expanding risk landscape is broadening the potential scope of claims for all, while the gap between insured and uninsured widens.
September 24, 2025: The cyber risk and insurance landscape in 2025 reveals a complex and evolving threat environment. Large insured companies are becoming increasingly resilient against cyber-attacks with strengthening of cyber security and preparedness and response capabilities helping to mitigate the impact of some of the large cyber losses in 2025 to date. However, the reliance on digital supply chains, impact of expanding privacy regulation, and more sophisticated social engineering attacks targeting employees are also broadening the scope of potential losses for all companies, according to the latest Cyber Security Resilience Outlook from Allianz Commercial.
During the first half of 2025, analysis of Allianz Commercial cyber claims shows the overall frequency of notifications was in line with activity a year earlier with around 300 claims. Despite the increasing sophistication and volume of attacks companies face, claim severity has declined by more than 50%, while the frequency of large loss claims is down by around 30%, driven by larger companies’ cumulative investments in cyber security, detection and response. However, the expanding risk landscape means there is no room for complacency. Ransomware attacks remain the top driver of cyber incidents while the focus of attackers is also shifting to smaller or mid-sized companies which are less resilient against cyber-attacks and data breaches. Overall, the total number of cyber claims in 2025 is expected to remain stable (around 700), with a seasonal uptick in activity expected around Black Friday at the end of November to year-end.
“Several ransomware events have hit the headlines this year, but overall, we see that insured losses from these attacks have decreased in 2025 to date. Insureds’ increased detection and response capabilities are helping to stop some attacks at an early stage. Every step an attacker progresses, and every minute that they are in the system, the impact goes up exponentially. The cost of a ransomware attack that progresses to data theft and encryption can be 1,000 times higher than an incident that is detected and contained early,” explains Michael Daum, Global Head of Cyber Claims at Allianz Commercial.
Ransomware remains biggest driver of cyber insurance claims
Ransomware attacks accounted for around 60% of the value of large claims during the first half of 2025. High-profile incidents across many industries underscore ongoing threats, although there are signs international co-ordination by law enforcement agencies and the strengthening of cyber security by large corporates is having a positive impact. Attackers are also shifting focus to smaller firms, which are typically less resilient than multinationals, as well as firms in other territories, such as in Asia or Latin America. Ransomware was involved in 88% of data breaches at small and medium firms compared to 39% at large firms, according to Verizon.
As large companies have improved their response capabilities, recent years have seen a shift from purely extortion-based ransomware attacks to double extortion including data exfiltration – 40% of the value of large cyber claims during the first half of 2025 included data theft, up from 25% in all of 2024. Losses involving data exfiltration were more than double the value of those without. The average global data breach cost hit a record high at almost US$5mn in 2024, driven by factors such as the impact of stricter data privacy regulation.
The retail sector has been particularly vulnerable to cyber incidents, entering the top three of most impacted industries, according to analysis of large cyber claims over the past five years, accounting for 9% of claims by value after manufacturing (33%) and professional services firms (18%). Retailers often have high revenues, handle large volumes of personal data, and are vulnerable to business interruption, which all provide leverage when making extortion demands. Large numbers of staff, suppliers and IT systems create a wide attack surface.
Meanwhile, an expanding risk landscape is also broadening the potential scope of losses for companies, with non-attack incidents, such as wrongful collection and processing of
data, as well as technical failure, accounting for a record 28% of large claims by value during 2024. At the same time, organizations continue to face new challenges and threats from their growing reliance on digital supply chains, the impact of expanding privacy regulation, and the increasing number of social engineering attacks involving sophisticated impersonations of company staff to gain access to company systems.
Cyber-resilience gap between uninsured and insured organizations continues to widen
In Germany, insurance industry figures show that the loss impact of cyber insureds increased by around 70% over four years, compared with a 250% increase in the economic impact of cyber crime. This resilience gap of more than 3:1 reflects cyber insurance policyholders’ heightened awareness of risk and their actions to mitigate it, many of which are a condition of obtaining insurance. It also reflects the effectiveness of risk prevention services and incident response assistance provided by insurers. Minimizing business interruption, which accounts for over 50% of cyber claim values, remains a key objective, as business continuity planning will significantly reduce costs for companies and insurers.
“The global cyber insurance market is predicted to more than double to close to US$30bn by the end of the decade, yet penetration remains relatively low. We need to underline that cyber insurance plays an important role in helping build resilience at a time of rapid technological and regulatory change. Many companies remain unaware of the breadth of coverage offered, which can include costs associated with breach response, business interruption, and regulatory fines and penalties,” says Jarrod Schlesinger, Global Head of Financial Lines and Cyber at Allianz Commercial.
