Cyber Insureds Advance in Fighting Attackers, But Supply Chain Challenges Remain
- Ransomware continues to be the leading cause of financial losses, accounting for 60% of the value of significant cyber claims (>€1mn). There is a pressing need to address vulnerabilities in supply chains, privacy regulations, and social engineering, especially with a predicted rise in loss incidents as Black Friday approaches.
- In spite of the increase in cyberattacks, Allianz Commercial’s evaluation of cyber claims reveals a 50% reduction in severity and a 30% decline in the frequency of large claims during H1 2025, due to improved detection and response capabilities among larger entities.
- Ongoing cyber resilience challenges persist in the Asia Pacific region amid a rapidly changing threat environment.
SINGAPORE – Media OutReach Newswire – 24 September 2025 – The cyber risk and insurance framework in 2025 illustrates a complex and advancing threat landscape. Larger insured organizations are increasingly becoming better equipped to handle cyber threats, thanks to advancements in their cybersecurity protocols, readiness, and response strategies, which are alleviating some of the significant losses faced this year. However, the growing dependency on digital supply chains, the expanding range of privacy regulations, and a rise in sophisticated social engineering attacks targeting employees are amplifying the risk of losses across all businesses, as detailed in the latest Cyber Security Resilience Outlook from Allianz Commercial.
During the first half of 2025, Allianz Commercial’s findings indicate that the total frequency of cyber claims notifications remained stable compared to last year, with around 300 claims reported. Although attacks have become more complex and frequent, the severity of claims has decreased by over 50%, and the incidence of significant loss claims has dropped by roughly 30%. This enhancement is primarily driven by the substantial investments made by larger companies in cybersecurity and incident detection and response. Despite this progress, the evolving risk landscape means there is no room for complacency. Ransomware attacks continue to be the dominant cause of cyber incidents, with attackers increasingly targeting smaller and mid-sized firms that are less equipped to fend off cyber threats. The total number of cyber claims in 2025 is expected to remain stable (approximately 700), with a predicted surge in activity leading up to Black Friday at the end of November.
– Advertisement –
“While numerous ransomware incidents have made headlines this year, overall insured losses from these attacks have reduced in 2025. Improved detection and response capabilities are enabling covered entities to prevent some attacks at earlier stages. The further an attacker progresses, the greater the impact escalates exponentially. Costs associated with a ransomware incident that escalates to include data theft can be up to 1,000 times greater than those managed effectively at an earlier stage,” states Michael Daum, Global Head of Cyber Claims at Allianz Commercial.
Ransomware remains the predominant catalyst for cyber insurance claims
Ransomware incidents accounted for approximately 60% of the total value of significant claims during H1 2025. High-profile incidents across various industries underscore the ongoing threats, although there are signs that international cooperation among law enforcement and enhanced cybersecurity measures by larger companies are producing positive outcomes. Attackers are also shifting their focus towards smaller enterprises, which typically show less resilience compared to larger multinational corporations. According to Verizon, ransomware was implicated in 88% of data breaches at small and medium-sized businesses, while this figure dropped to 39% for large corporations.
Advertisements
As larger organizations have enhanced their response capabilities, there is a significant transition from solely extortion-focused ransomware attacks to double extortion that involves data exfiltration. In the first half of 2025, 40% of the value of large cyber claims included data theft, a rise from 25% in 2024. Losses linked to data exfiltration were more than double those without it. The average global cost of a data breach reached an unprecedented high of nearly US$5mn in 2024, largely due to stricter data privacy laws.
The retail sector has exhibited particular susceptibility to cyber incidents, ranking among the top three affected industries based on analysis of large cyber claims over the past five years, representing 9% of claims by value after manufacturing (33%) and professional services (18%). The retail sector is characterized by substantial revenues, extensive handling of personal data, and vulnerability to business interruptions, which all contribute to potential extortion situations. A large number of employees, suppliers, and IT systems create a broad attack surface.
Furthermore, the expanding risk landscape also broadens the potential for losses for companies, with non-attack incidents, such as improper data collection and processing, alongside technical failures, accounting for a record 28% of large claims by value in 2024. Simultaneously, organizations are facing new challenges and threats arising from their increasing reliance on digital supply chains, the implications of growing privacy regulations, and the rising prevalence of social engineering attacks, which often involve sophisticated impersonations of company staff to gain access to corporate systems.
Cyber resilience deficiencies in Asia Pacific amid a more hazardous climate
The Asia Pacific region experienced the highest number of cyberattacks in 2024, reflecting a 13% year-on-year increase and representing 34% of global attacks, as reported by IBM. AON corroborates this, noting a 22% rise in cyber insurance claims in the Asia Pacific in 2024 compared to the previous year. Ransomware remains a pressing issue, constituting all of Allianz Commercial’s cyber losses in Asia during H1 2025.
– Advertisement –
Advertisements
“A significant number of companies have established Asia as the hub for their complex supply chains and outsourcing of critical business functions. While organizations recognize third-party and supply chain risks, effectively mitigating these risks remains a substantial challenge, requiring extensive cross-departmental collaboration among IT, procurement, legal, and compliance teams. In recent years, there has been an increase in claims arising from IT supply chain risks, originating from both malicious attacks and technical failures. This has resulted in a noticeable rise in mandatory cyber insurance purchases. In particular, large companies in Asia are increasingly displaying cyber resilience and a readiness to delve into cyber risk transfer solutions, yet their overall coverage tends to lag behind that of their U.S. or European counterparts,” explains Karlis Trops, Head of Cyber & Tech Professional Indemnity at Allianz Commercial Asia.
“Despite this, a considerable portion of large organizations still operate on a self-insured basis, which also applies to small and medium-sized enterprises that are more vulnerable to cyber risks. Asian companies with an international footprint should consider multinational cyber solutions, particularly those operating in regions like Australia, the U.S., and the U.K., where financial repercussions from privacy litigation and data breaches often tend to be higher,” adds Karlis Trops.
“The global cyber insurance market is projected to more than double to nearly US$30bn by the end of the decade; however, penetration remains relatively low. It is crucial to underline the essential role of cyber insurance in fostering resilience in the midst of rapid technological and regulatory changes. Many businesses are still unaware of the extensive coverage options available, which can include expenses related to breach response, business interruptions, and regulatory fines and penalties,” notes Jarrod Schlesinger, Global Head of Financial Lines and Cyber at Allianz Commercial.
Hashtag: #Allianz
https://commercial.allianz.com/
https://www.linkedin.com/company/allianz-commercial/
The issuer is solely responsible for the content of this announcement.
Allianz Commercial
Allianz Commercial acts as the global division of Allianz Group dedicated to insuring mid-sized businesses, large enterprises, and specialized risks. Our clients include some of the world’s largest consumer brands, financial institutions, and industry leaders, as well as sectors like aviation and shipping, along with family-owned businesses that form the foundation of the economy. We also cover unique risks, including offshore wind farms, infrastructure projects, and film productions. Powered by our dedicated workforce, financial strength, and the network of the world’s leading insurance brand, we work together to assist our customers in preparing for future challenges. They rely on us for a broad array of traditional and alternative risk transfer solutions, exceptional risk consulting, and multinational services, along with streamlined claims handling. Allianz Commercial combines the corporate insurance business of Allianz Global Corporate & Specialty (AGCS) with the property and casualty business of local Allianz entities serving mid-sized firms. Our operations extend across over 200 countries and territories, with support from our employees or the Allianz Group network and partners. In 2024, Allianz Commercial generated around €18 billion in gross premiums worldwide.https://commercial.allianz.com/
Powered by WPeMatico
– Advertisement –