Ransomware attacks are increasingly targeting smaller and mid-sized firms, as highlighted in the latest findings from Allianz’s Cyber Security Resilience 2025 report. The report reveals that in 2025, ransomware was involved in a striking 88% of breaches at smaller organizations, compared to 39% at larger enterprises. This shift in focus comes as attackers find fortified defenses in larger corporations, prompting them to seek out less protected victims.
Ransomware claims remain the leading cause of significant cyber insurance payouts. In the first half of 2025, ransomware accounted for approximately 60% of claims exceeding €1 million. While traditional encryption methods persist, attackers are adapting their strategies, increasingly prioritizing data exfiltration. This practice, which is generally less labor-intensive than encryption, is more likely to compel organizations to pay ransoms. The average global cost of a data breach has surged to nearly $5 million, driven by heightened privacy regulations and litigation risks that further amplify financial exposure.
Organizations are grappling with a landscape where the exploitation of employees represents the most accessible entry point for attackers. Tactics such as social engineering, phishing, and business email compromise continue to be prevalent. The advent of generative AI has made these schemes notably more convincing. Compromised credentials have emerged as the most common attack vector. Notable groups, such as Scattered Spider, have demonstrated the efficacy of using fake help desk calls and credential abuse to shift from account takeover to ransomware deployment in as little as 24 hours.
In the first half of 2025, retailers emerged as the most targeted industry, surpassing others such as manufacturing and professional services in total losses since 2020. The vast amounts of personal data they handle and their intricate supply chains make them particularly appealing to cybercriminals. The report also identifies supply chain disruptions as a rising source of claims. Incidents that interrupt business operations due to supplier issues are increasing, compounded by a rise in cloud security incidents.
Interestingly, not all losses stem from hostile actions. Technical failures and privacy missteps account for a growing share of claims. For the first time, business interruption linked to IT outages was included in Allianz’s dataset, partly due to a global service disruption affecting millions of systems. Privacy litigation has also surged, with over 1,500 actions filed in the United States in the previous year.
Despite the evolving threat landscape, Allianz’s analysis indicates a positive trend among insured entities. Overall claims severity has dropped by more than 50% in the first half of 2025, with very large claims declining by about 30%. The key difference appears to stem from improved preparation. In many instances, proactive measures taken by insured parties significantly mitigated claim costs. Basic cybersecurity controls, such as patching, segmentation, backups, and multi-factor authentication (MFA), have proven effective in limiting damages. Early detection and response can reduce losses by a factor of 1,000.
The emphasis on preparedness is underscored by the importance of tabletop exercises and business continuity planning. Business interruption remains a critical concern, representing over half the total value of cyber claims. Organizations that regularly practice response scenarios are better equipped to handle attacks when they occur.
As regulatory frameworks evolve, organizations must also adapt. In Europe, the upcoming Digital Operational Resilience Act and NIS2 directive will impose stricter risk management and reporting requirements across critical sectors. These new regulations are expected to challenge mid-sized firms that may lack mature systems but should ultimately foster improvements in resilience.
The cyber insurance market is on an upward trajectory, with projections indicating it will nearly double to $30 billion by 2030. Demand for coverage is escalating, particularly among mid-sized companies and in regions that have historically seen low uptake. Allianz’s report notes that insured firms experience significantly smaller increases in cyber loss impact compared to the broader rise in cybercrime.
According to Jarrod Schlesinger, Global Head of Financial Lines and Cyber at Allianz Commercial, “The global cyber insurance market is predicted to more than double to close to $30 billion by the end of the decade, yet penetration remains relatively low. We need to underline that cyber insurance plays an important role in helping build resilience at a time of rapid technological and regulatory change.”
Many organizations remain unaware of the comprehensive coverage options available, which can include expenses related to breach response, business interruption, and regulatory fines and penalties. As the cyber threat landscape continues to evolve, awareness and preparedness will be crucial in navigating the challenges ahead.
