Large insured companies that have strengthened their cybersecurity preparedness and response capabilities are becoming increasingly resilient against cyberattacks, helping mitigate some large cyber losses in 2025, according to a recent report by Allianz Commercial.
Analysis of Allianz Commercial cyber claims indicates severity is down by 50 percent and large claims frequency by 30 percent during the first half of 2025 to date, driven in large part by larger companies’ increased detection and response capabilities.
Analysis showed the overall frequency of notifications was in line with activity a year prior, with around 300 claims.
Ransomware attacks remain the top driver of cyber incidents, totaling 60 percent of large cyber claims costs (>€1 million), with attackers shifting their focus to smaller or mid-sized companies, which are typically less resilient against cyberattacks and data breaches.
Attackers are also shifting focus to smaller firms, which are typically less resilient than multinationals, as well as firms in other territories, such as Asia or Latin America.
Ransomware was involved in 88 percent of data breaches at small and medium firms compared to 39 percent at large firms, according to Verizon.
While high-profile incidents across a myriad of industries underscore the ongoing threat, it appears international coordination by law enforcement agencies and strengthened cybersecurity by large corporations are having a positive impact.
Overall, the total number of cyber claims in 2025 is expected to remain stable (around 700), with a seasonal uptick in activity expected around Black Friday at the end of November to year-end.
Improved response capabilities have led to a shift from purely extortion-based ransomware attacks to double extortion, including data exfiltration – 40 percent of the value of large cyber claims during the first half of 2025 included data theft, up from 25 percent in all of 2024.
Losses involving data exfiltration were more than double the value of those without.
The average global data breach cost hit a record high of almost US$5 million in 2024, driven by stricter data privacy regulations.
The retail sector is one of the top three most impacted industries, according to analysis of large cyber claims over the past five years, accounting for 9 percent of claims by value after manufacturing (33 percent) and professional services firms (18 percent).
The high revenue, vast personal data, and business interruption vulnerability of the retail sector provide leverage in extortion demands. Large numbers of staff, suppliers, and IT systems create a wide attack surface, the analysis showed.
The report warns that the expanding risk landscape is broadening the potential scope of claims for all, while the gap between insured and uninsured widens.
Reliance on digital supply chains, the impact of expanding privacy regulation, and more sophisticated social engineering attacks targeting employees are also factors broadening the scope of potential losses for all companies, according to the Cyber Security Resilience Outlook.
“Several ransomware events have hit the headlines this year, but overall, we see that insured losses from these attacks have decreased in 2025 to date. Insureds’ increased detection and response capabilities are helping to stop some attacks at an early stage. Every step an attacker progresses, and every minute that they are in the system, the impact goes up exponentially. The cost of a ransomware attack that progresses to data theft and encryption can be 1,000 times higher than an incident that is detected and contained early,” explains Michael Daum, global head of Cyber Claims at Allianz Commercial.
An expanding risk landscape is also broadening the potential scope of losses for companies, with non-attack incidents, such as wrongful collection and processing of data, as well as technical failure, totaling a record 28 percent of large claims by value during 2024.
Organizations continue to face new challenges and threats from growing reliance on digital supply chains, the impact of expanding privacy regulation, and the increasing number of social engineering attacks involving sophisticated impersonations of company staff to gain access to company systems, the report outlined.
In Germany, insurance industry figures show that the loss impact of cyberinsureds increased by around 70 percent over four years, compared with a 250 percent increase in the economic impact of cybercrime. This highlights a resilience gap of more than 3:1, reflecting cyber insurance policyholders’ heightened awareness of risk and ways to mitigate it, many of which are a condition of obtaining insurance.
Risk prevention services and incident response assistance provided through insurance highlight their effectiveness.
A key objective is minimizing business interruption, which accounts for over 50 percent of cyber claim values, by ensuring a business continuity plan is in place to reduce costs for companies and insurers.
“The global cyber insurance market is predicted to more than double to close to US$30 billion by the end of the decade, yet penetration remains relatively low. We need to underline that cyber insurance plays an important role in helping build resilience at a time of rapid technological and regulatory change. Many companies remain unaware of the breadth of coverage offered, which can include costs associated with breach response, business interruption, and regulatory fines and penalties,” says Jarrod Schlesinger, global head of Financial Lines and Cyber at Allianz Commercial.
