The world of cyber insurance in 2025 is seeing some interesting changes. Big companies have gotten better at protecting themselves from cyber attacks, which has made some cyber losses less severe. According to Allianz Commercial’s recent report, stronger security and faster responses are helping reduce the damage caused by cyber incidents.
Still, businesses can’t let their guard down. Digital supply chains are growing, rules are getting tougher, and scammers are coming up with new ways to trick people. These factors keep adding risk, especially for smaller and medium-sized companies that don’t have the same defenses as larger firms.
In the first half of 2025, Allianz saw about 300 new cyber insurance claims, roughly the same as last year. Despite this, the costs linked to these claims have dropped by more than half, and the big losses are down by around 30%. This improvement is thanks to ongoing investments in cybersecurity, detection, and response, particularly among bigger companies.
Ransomware remains the main problem, causing about 60% of the large claims’ value. Attackers are shifting their focus too, now targeting smaller businesses and regions like Asia and Latin America where defenses are weaker. Research from Verizon Business shows that ransomware was part of 88% of data breaches in small and medium companies, compared to 39% in bigger organizations.
One worrying trend is that ransomware attacks are moving beyond just locking up data for ransom. Now, they often include stealing data, which makes these attacks much more expensive. In the first half of the year, 40% of the value of big claims involved data theft, up from 25% in 2024. Claims involving stolen data tend to cost more than twice those without it. And with stricter privacy laws, the average cost of a data breach reached nearly US$5 million in 2024.
Retail has become one of the sectors hit hardest by cyber claims, ranking third in value behind manufacturing and professional services. Retailers face risks from high transaction numbers, lots of personal data, and disruptions to their operations. Their many staff, suppliers, and IT systems make them more open to ransomware and other cyber threats. Also notable, non-attack issues like poor data handling and technical glitches accounted for a record 28% of large claim values in 2024.
Asia-Pacific is a hotspot, seeing the most cyber attacks globally in 2024. The region had a 13% rise in incidents and made up 34% of all attacks worldwide, according to IBM. AON reported a 22% increase in cyber insurance claims in Asia that year. Allianz’s regional head, Karlis Trops, pointed out the complicated supply chains and outsourced work in Asia make managing cyber risk tough. Though more Asian companies are buying cyber insurance and working on resilience, many still cover risks themselves and thus remain vulnerable.
Experts say companies with operations in countries like Australia, the US, and the UK should look into multinational cyber insurance. This can help with the bigger financial risks tied to privacy laws and data breaches.
Looking ahead, Allianz expects the total number of claims in 2025 to stay around 700, but there may be more during the busy holiday shopping season. The global market for cyber insurance is growing fast and could pass US$30 billion by the end of the decade, yet adoption rates are still low. Allianz’s global cyber chief, Jarrod Schlesinger, stressed the importance of cyber insurance in today’s fast-changing tech and regulatory world. Many companies don’t realize these policies cover things like breach responses, business loss, fines, and penalties.
While the threat from ransomware gets plenty of attention, companies improving their early detection and response are limiting damage. As Michael Daum from Allianz put it, catching an attack early can make the cost difference huge—often a thousand times less than if the attacker stays in the system long enough to steal data and cause serious harm.
Businesses of all sizes will need to keep investing in security and remain alert. Despite progress, the cyber risk landscape is broad and always changing. Those who stay prepared can better protect themselves against the costly impacts of cybercrime.