Ransomware remains the leading cause of costly cyber claims


Cyber threats are shifting in 2025, and while large companies are still targets, attackers are turning their attention to smaller and mid-sized firms. According to Allianz’s Cyber Security Resilience 2025 report, hardened defenses at major corporates have pushed criminals to go after easier prey. The data shows ransomware was involved in 88% of breaches at small and medium firms compared to 39% at larger enterprises.

Ransomware and data theft

Ransomware remains the leading cause of large cyber claims. In the first half of 2025, it accounted for about 60% of claims valued at over €1 million. But attackers are adapting their methods. Rather than relying solely on encryption, many are now focusing on data exfiltration. These types of breaches are often more complex and costly to resolve.

The shift toward exfiltration shows just how valuable stolen data can be to attackers. Exfiltration requires less effort than encryption and is more likely to trigger ransom payments. With the average global breach cost climbing close to $5 million last year, privacy rules and litigation risks are adding to the financial exposure.

Social engineering and credential abuse

Attackers are exploiting employees as the easiest entry point. Social engineering, phishing, and business email compromise remain common tactics, with generative AI making these schemes more convincing. Compromised credentials are now the most frequent attack vector.

Groups like Scattered Spider illustrate the trend, using fake help desk calls and credential abuse to move from account takeover to ransomware deployment in as little as 24 hours.

Sector and supply chain pressures

Retail became the most targeted industry in the first half of 2025. Since 2020, retailers rank behind only manufacturing and professional services in total losses. Their large volumes of personal data and complex supply chains make them attractive to attackers.

The report also flags supply chain disruption as a growing source of claims. Events that interrupt business due to issues with suppliers are becoming more common, and cloud security incidents are on the rise as well. Even organizations with internal controls can be hit hard if a vendor suffers an outage or breach.

Non-attack incidents add weight

Not all losses come from hostile activity. Technical failures and privacy missteps are accounting for a greater share of claims. Business interruption linked to IT outages entered Allianz’s dataset for the first time, fueled in part by a global service disruption that affected millions of systems. At the same time, privacy litigation is rising fast, with more than 1,500 actions filed in the US last year.

Detection, response, and preparedness

Despite the threat landscape, Allianz’s analysis shows positive momentum among insureds. Overall claims severity declined by more than 50% in the first half of 2025, while the number of very large claims dropped by about 30%. The difference comes down to preparation.

In most cases, the insured’s actions had a significant impact on claim costs. Basic controls like patching, segmentation, backups, and MFA limited the damage. Early detection and response can cut losses by a factor of 1,000.

Tabletop exercises and business continuity planning are highlighted as vital. Business interruption still represents over half the value of cyber claims, and organizations that practice response scenarios fare far better when attacks occur.

Regulation and insurance outlook

The regulatory bar is also rising. In Europe, the Digital Operational Resilience Act and NIS2 directive will require stronger risk management and reporting across critical sectors. These frameworks will be demanding for mid-sized firms that lack mature systems but should drive improvements in resilience.

Cyber insurance continues to expand, with the global market projected to nearly double to $30 billion by 2030. Demand is growing fastest among mid-sized companies and regions with historically low uptake. The report notes that insured firms show much smaller increases in cyber loss impact compared to the overall growth in cybercrime.

“The global cyber insurance market is predicted to more than double to close to $30 billion by the end of the decade, yet penetration remains relatively low. We need to underline that cyber insurance plays an important role in helping build resilience at a time of rapid technological and regulatory change. Many companies remain unaware of the breadth of coverage offered, which can include costs associated with breach response, business interruption, and regulatory fines and penalties,” says Jarrod Schlesinger, Global Head of Financial Lines and Cyber at Allianz Commercial.


