The cyber risk and insurance landscape in 2025 reveals a complex and evolving threat environment. Large insured companies are becoming increasingly resilient against cyberattacks through strengthened cybersecurity and preparedness and response capabilities, helping mitigate the impact of some of the large cyber losses to date in 2025. However, the reliance on digital supply chains, the impact of expanding privacy regulation, and more sophisticated social engineering attacks targeting employees are also broadening the scope of potential losses for all companies, according to the latest Cyber Security Resilience Outlook from Allianz Commercial.
During the first half of 2025, analysis of Allianz Commercial cyber claims shows the overall frequency of notifications was in line with activity a year earlier, with around 300 claims. Despite the increasing sophistication and volume of attacks companies face, claim severity has declined by more than 50%, while the frequency of large-loss claims is down by around 30%, driven by larger companies’ cumulative investments in cybersecurity, detection and response.
However, the expanding risk landscape means there is no room for complacency. Ransomware attacks remain the top driver of cyber incidents, while the focus of attackers is shifting to smaller or mid-sized companies, which are less resilient against cyberattacks and data breaches. Overall, the total number of cyber claims in 2025 is expected to remain stable (around 700), with a seasonal uptick in activity expected around Black Friday at the end of November to year-end.
Ransomware remains the biggest driver
“Several ransomware events have hit the headlines this year, but overall, we see that insured losses from these attacks have decreased in 2025 to date. Insureds’ increased detection and response capabilities are helping to stop some attacks at an early stage. Every step an attacker progresses, and every minute they are in the system, the impact goes up exponentially. The cost of a ransomware attack that progresses to data theft and encryption can be 1000 times higher than an incident that is detected and contained early,” explains Michael Daum, global head of cyber claims at Allianz Commercial.
Ransomware attacks accounted for around 60% of the value of large claims during the first half of 2025. High-profile incidents across many industries underscore ongoing threats, although there are signs that international co-ordination among law enforcement agencies and the strengthening of cybersecurity by large corporates are having a positive impact. Attackers are also shifting their focus to smaller firms, which are typically less resilient than multinationals, as well as to firms in other territories, such as Asia or Latin America. Ransomware was involved in 88% of data breaches at small and medium firms compared to 39% at large firms, according to Verizon.
As large companies have improved their response capabilities, recent years have seen a shift from purely extortion-based ransomware attacks to double extortion, including data exfiltration. About 40% of the value of large cyber claims during the first half of 2025 included data theft, up from 25% in all of 2024. Losses involving data exfiltration were more than twice those without. The average global data breach cost hit a record high, at almost US$5 million in 2024, driven by factors such as the impact of stricter data privacy regulations.
The retail sector has been particularly vulnerable to cyber incidents, ranking among the top three most impacted industries in an analysis of large cyber claims over the past five years, accounting for 9% of claims by value after manufacturing (33%) and professional services firms (18%). Retailers often have high revenues, handle large volumes of personal data, and are vulnerable to business interruption, which all provide leverage when making extortion demands. Large numbers of staff, suppliers and IT systems create a wide attack surface.
Expanding risk landscape
Meanwhile, an expanding risk landscape is also broadening the potential scope of losses for companies, with non-attack incidents, such as wrongful data collection and processing, as well as technical failures, accounting for a record 28% of large claims by value during 2024. At the same time, organisations continue to face new challenges and threats from their growing reliance on digital supply chains, the impact of expanding privacy regulation, and the increasing number of social engineering attacks involving sophisticated impersonations of company staff to gain access to company systems.
There is also an increasing cyber-resilience gap between uninsured and insured organisations. In Germany, insurance industry figures show that the loss impact of cyber insureds increased by around 70% over four years, compared with a 250% increase in the economic impact of cybercrime. This resilience gap of more than 3:1 reflects cyber insurance policyholders’ heightened awareness of risk and their actions to mitigate it, many of which are a condition of obtaining insurance.
It also reflects the effectiveness of risk prevention services and incident response assistance provided by insurers. Minimising business interruption, which accounts for over 50% of cyber claim values, remains a key objective, as business continuity planning will significantly reduce costs for companies and insurers.
“The global cyber insurance market is predicted to more than double to close to US$30bn by the end of the decade, yet penetration remains relatively low. We need to underline that cyber insurance plays an important role in helping build resilience at a time of rapid technological and regulatory change. Many companies remain unaware of the breadth of coverage offered, which can include costs associated with breach response, business interruption, and regulatory fines and penalties,” says Jarrod Schlesinger, global head of financial lines and cyber at Allianz Commercial.
© Technews Publishing (Pty) Ltd. | All Rights Reserved.