In a complex and evolving threat environment, large insured companies are becoming increasingly resilient against cyberattacks with the strengthening of cybersecurity, and preparedness and response capabilities helping to mitigate the impact of some of the large cyber losses in 2025 to date.
However, the reliance on digital supply chains, the impact of expanding privacy regulation, and more sophisticated social engineering attacks targeting employees are also broadening the scope of potential losses for all companies, according to the latest Cyber Security Resilience Outlook from Allianz Commercial.
During the first half of 2025, analysis of Allianz Commercial cyber claims shows the overall frequency of notifications was in line with activity a year earlier – with around 300 claims.
Despite the increasing sophistication and volume of attacks companies face, claim severity has declined by more than 50%, while the frequency of large loss claims is down by around 30% – driven by larger companies’ cumulative investments in cybersecurity, detection, and response. However, the expanding risk landscape means there is no room for complacency.
Ransomware attacks remain the top driver of cyber incidents, while the focus of attackers is also shifting to smaller or mid-sized companies which are less resilient against cyberattacks and data breaches. Overall, the total number of cyber claims in 2025 is expected to remain stable (around 700), with a seasonal uptick in activity expected around Black Friday at the end of November to year-end.
“Several ransomware events have hit the headlines this year but, overall, we see that insured losses from these attacks have decreased in 2025 to date,” says Michael Daum, global head of Cyber Claims at Allianz Commercial. “Insureds’ increased detection and response capabilities are helping to stop some attacks at an early stage. Every step an attacker progresses, and every minute that they are in the system, the impact goes up exponentially. The cost of a ransomware attack that progresses to data theft and encryption can be 1 000 times higher than an incident that is detected and contained early.”
Ransomware attacks accounted for around 60% of the value of large claims during the first half of 2025. High-profile incidents across many industries underscore ongoing threats, although there are signs international co-ordination by law enforcement agencies and the strengthening of cybersecurity by large corporates is having a positive impact. Attackers are also shifting focus to smaller firms which are typically less resilient than multinationals, as well as firms in other territories such as in Asia or Latin America. Ransomware was involved in 88% of data breaches at small and medium firms compared to 39% at large firms, according to Verizon.
As large companies have improved their response capabilities, recent years have seen a shift from purely extortion-based ransomware attacks to double extortion including data exfiltration – 40% of the value of large cyber claims during the first half of 2025 included data theft, up from 25% in all of 2024. Losses involving data exfiltration were more than double the value of those without. The average global data breach cost hit a record high at almost $5-million in 2024 driven by factors such as the impact of stricter data privacy regulation.
The retail sector has been particularly vulnerable to cyber incidents, entering the top three of most impacted industries, according to analysis of large cyber claims over the past five years – accounting for 9% of claims by value after manufacturing (33%) and professional services firms (18%). Retailers often have high revenues, handle large volumes of personal data, and are vulnerable to business interruption which all provide leverage when making extortion demands. Large numbers of staff, suppliers, and IT systems create a wide attack surface.
Meanwhile, an expanding risk landscape is also broadening the potential scope of losses for companies with non-attack incidents such as wrongful collection and processing of data, as well as technical failure, accounting for a record 28% of large claims by value during 2024.
At the same time, organisations continue to face new challenges and threats from their growing reliance on digital supply chains, the impact of expanding privacy regulation, and the increasing number of social engineering attacks involving sophisticated impersonations of company staff to gain access to company systems.
Cyber-resilience gap between uninsured and insured organisations continues to widen
In Germany, insurance industry figures show that the loss impact of cyber insureds increased by around 70% over four years compared with a 250% increase in the economic impact of cybercrime. This resilience gap of more than 3:1 reflects cyber insurance policyholders’ heightened awareness of risk and their actions to mitigate it, many of which are a condition of obtaining insurance. It also reflects the effectiveness of risk prevention services and incident response assistance provided by insurers.
Minimising business interruption, which accounts for over 50% of cyber claim values, remains a key objective as business continuity planning will significantly reduce costs for companies and insurers.
“The global cyber insurance market is predicted to more than double to close to $30-billion by the end of the decade, yet penetration remains relatively low,” says Jarrod Schlesinger, global head of Financial Lines and Cyber at Allianz Commercial. “We need to underline that cyber insurance plays an important role in helping build resilience at a time of rapid technological and regulatory change.
“Many companies remain unaware of the breadth of coverage offered which can include costs associated with breach response, business interruption, and regulatory fines and penalties,” he adds.