In 2026, cyber incidents are the top global risk for the fifth year in a row, according to global insurer Allianz Commercial’s Risk Barometer, with their highest-ever score (42% of responses), and by a higher margin than ever before (10%). Cyber ranks as the main corporate concern in every region surveyed in the Allianz Risk Barometer (Americas, Asia Pacific, Europe, and Africa and Middle East) and is again ranked as the top risk for large, mid-sized and small firms.
Now in its 15th year, the Risk Barometer is an annual business risk ranking by corporate insurer Allianz Commercial that incorporates the views of 3,338 global risk management professionals on the main perils on their radar for the year ahead.
The continued presence of cyber at the top of the Allianz Risk Barometer reflects a deepening reliance on digital technology at a time when the cyber threat landscape and the geopolitical and regulatory environments are evolving fast.
Large companies’ investments in cyber security and resilience have been paying off, ensuring they can detect and respond to attacks early. However, cyber risk continues to evolve. Organizations are increasingly reliant on third-party providers for critical data and services, while artificial intelligence (AI) is supercharging threats, increasing the attack surface and adding to existing vulnerabilities.
Businesses are conscious of the need to invest in protection against cyber incidents, including increasing AI-driven threats. Around 90% of respondents say they anticipate making a “moderate” (47%) or “high” (43%) investment in cyber loss prevention, with just 9% intending to make a low investment.
The tools to protect against cyber-attacks are costly, yet the consequences of a successful incident are potentially catastrophic with huge business interruption and supply chain costs, as well as regulatory compliance and legal implications.
Against a background of increasing geopolitical tensions and heightened supply chain vulnerabilities, cyber is the risk of greatest concern across a broad range of industries, including manufacturing, aviation, chemicals, oil and gas, technology, telecommunications, transport, financial services, retail, food and beverage, and hospitality.
We are now seeing costly attacks on businesses and supply chains outside the US and Europe, with notable incidents in Asia in 2025. At the same time, regulations continue to tighten globally. Companies are increasingly exposed to tougher privacy and cyber security requirements in both home and export markets. For example, the European Union’s (EU) updated Product Liability Directive now extends to cyber security and covers AI, software and digital systems, across the supply chain.
Of course, cybercrime is highly profitable, with groups operating on an industrial scale. According to the FBI, cybercrime losses in the US soared to a record $16.6bn in 2024, a 33% year-on-year increase. Ransomware has evolved into a sophisticated ecosystem in which specialist groups known as initial access brokers gain unauthorized access to an organization’s systems, which they sell on to affiliates that carry out the attack and demand ransom payments.
Cyber criminals are adept at exploiting vulnerabilities in cyber security – such as supply chains and employees – as well as leveraging the impact of business interruption and the release of sensitive data to extract ransom payments. According to Allianz Commercial cyber claims analysis, ransomware accounts for 60% of the value of large cyber claims (>€1mn) seen during the first half of 2025, while 40% of the value of large cyber claims seen during this period included data theft, up from 25% in all of 2024.
At the same time, attackers are also increasingly using AI to automate attack processes, which enables them to carry out more attacks, faster and more efficiently. AI is also lowering the bar for threat actors, making it easier for criminals who lack technical skills and ransomware expertise to execute attacks.
The continuing dominance of cyber risk in the Allianz Risk Barometer also reflects a growing reliance on third parties for critical data and digital services. Several attacks and outages have caused significant disruption to businesses, their supply chains, customers and the wider economy over the past 12 months, with notable incidents impacting many sectors in 2025. Attacks against two UK retailers alone caused estimated losses of up to £440mn ($585mn), according to the Cyber Monitoring Centre.
Digital infrastructure and technology are now critical to all businesses and their supply chains. Complex interconnected systems exist within organizations, third-party suppliers and customers. As we have seen with recent incidents, a cloud outage, technical glitch or malicious attack can have huge implications for a business’s ability to produce and sell its goods and services, with the effects rippling through supply chains.
When the systems of a key customer or supplier are taken out, it can have serious implications for the supply chain. Companies, even when not directly affected by the cyber incident, may not be able to process orders, make payments or manufacture goods. It can take months for an organization to recover and rebuild its systems following a ransomware attack – a task that is made even more difficult when it involves a complex just-in-time supply chain with thousands of suppliers.
In addition to malicious incidents, outages of critical digital services and infrastructure due to technical glitches and/or human error are increasing in frequency and severity. Meanwhile, non-attack incidents, such as wrongful collection and processing of data, as well as technical failure, accounted for a record 28% of large claims (>€1mn) by value during 2024, according to Allianz Commercial claims analysis.
Of particular concern is the oversized reliance in some sectors or organizations on a small number of third-party suppliers in areas like cloud services, software as a service, AI solutions and data processing. More than three quarters of companies use cloud services in most or all areas of their operations, yet just three companies control more than 60% of the global cloud infrastructure. In November and December 2025, two separate outages at internet service provider Cloudflare disrupted thousands of websites, while major cloud service providers Amazon Web Services, Microsoft Azure and Google Cloud all suffered separate significant outages in 2025.
To read the full report, please visit: 2026 Allianz Risk Barometer

