The cyber security landscape in 2025 is evolving rapidly, marked by stronger resilience and new types of risks. According to Allianz Commercial’s latest cyber risk report, large insured companies are improving their defense systems and response strategies. These measures have helped reduce the impact of major cyber incidents this year. However, growing dependence on digital supply chains, expanding privacy regulations, and sophisticated social engineering attacks continue to challenge organizations globally.

1. Cyber Claims and Loss Trends

Allianz Commercial’s analysis shows that cyber claim frequency in the first half of 2025 remains consistent with last year. After a sharp rise in 2023, claim severity has now fallen by over 50%, while large loss claims (over €1 million) are down by about 30%. This improvement reflects strong investments in cyber security, detection, and response capabilities.

Yet, there’s no room for complacency. Ransomware attacks remain the leading cause of cyber incidents. New challenges such as contingent business interruption, technology failures, and privacy litigation are driving significant losses. In 2024, wrongful data collection and outages represented 28% of the total value of large claims.

2. Data Exfiltration: The Top Loss Driver

As large firms strengthen their response systems, attackers have shifted tactics. They now favor double extortion – combining encryption with data theft. In early 2025, 40% of large cyber claims involved data exfiltration, up from 25% in 2024. Losses tied to data theft are now more than double those without it.

This trend is fueled by stricter privacy regulations and the increasing cost of data breaches, which reached an all-time global average of US$5 million in 2024.

3. Social Engineering and Credential-Based Attacks

Recent attacks show a rise in social engineering and credential compromise tactics. Cybercriminals often impersonate employees to bypass IT defenses. Many incidents begin with phishing or through credentials sold on the dark web. In 2024, around 60% of breaches involved human error or manipulation. Attackers also exploit suppliers and IT vendors to infiltrate systems, highlighting the need for stronger supply chain security.

4. Most Impacted Sectors: Manufacturing, Services, and Retail

Manufacturers faced the highest number of large cyber claims since 2020, accounting for 33% by value. Professional services and consulting firms followed with 18%, and retail companies accounted for 9%. Retailers remain a prime target due to their customer data and payment processing systems.

5. Supply Chain Dependency and CBI Risks

Cyber risks from IT supply chains are a growing concern. Contingent business interruption (CBI) events made up 15% of large claims in 2025, up from just 6% in 2024. Such disruptions stem from both cyberattacks and technical failures at third-party service providers, including software and cloud platforms. Effective vendor contracts, access control, and supplier audits are essential to reduce these exposures.

6. Privacy Regulation and Litigation

Privacy-related claims continue to rise, accounting for 18% of large cyber losses in 2024 — triple the level of three years ago. These involve wrongful data processing, non-compliance with privacy laws, and breaches of consumer data.

In early 2025, technology and media professional indemnity claims represented 25% of large cyber claims, often linked to performance issues, technical faults, or privacy regulation breaches.

7. Detection, Response, and Training Lower Claim Costs

Strong cyber hygiene, early detection, and rapid incident response play a major role in reducing losses. In over 80% of large claims, insureds’ proactive decisions helped reduce damage. Effective detection can lower claim costs by up to 1,000 times.

8. Growing Resilience Gap Between Insured and Uninsured Firms

The resilience gap between insured and uninsured organizations continues to widen. In Germany, insured companies saw a 70% rise in cyber loss impact over four years — much lower than the 250% rise in overall economic cybercrime impact.

Cyber insurance policyholders benefit from better risk management, prevention services, and incident response guidance. Early detection and business continuity planning have proven effective in cutting business interruption costs, which account for over 50% of cyber claim values.

9. Cyber Insurance Market Outlook

Cyber insurance remains central to corporate resilience strategies. It provides both financial protection and access to expert response teams. The global market is projected to grow to nearly US$30 billion by 2030, driven by increasing digitalization and risk awareness. Demand is also rising among mid-sized businesses and underinsured regions.

Conclusion

The cyber security resilience of 2025 reflects a shift toward stronger defenses and smarter incident management. Organizations investing in cyber hygiene, employee awareness, and response mechanisms are seeing tangible results. However, as digital ecosystems expand, maintaining vigilance, regulatory compliance, and adaptive protection will remain vital for long-term cyber resilience.