Allianz Commercial: Cyber insureds gain momentum against attackers, but supply chain challenges remain

News > Business News

Audio By Carbonatix

9:00 PM on Tuesday, September 23

The Associated Press

Ransomware is the biggest loss driver, accounting for 60% of the value of large cyber claims (>€1mn), while threats posed by supply chains, privacy regulation and social engineering require attention, especially as an uptick in loss activity is expected from Black Friday onwards.
Despite the increasing level of attacks, analysis of Allianz Commercial cyber claims shows severity is down by 50% and large claims frequency by 30% during H1 2025 to date, driven by larger companies' elevated detection and response capabilities.
Cyber resilience gaps in Asia Pacific persist amidst an increasingly threatening landscape.

SINGAPORE - Media OutReach Newswire - 24 September 2025 - The cyber risk and insurance landscape in 2025 reveals a complex and evolving threat environment. Large insured companies are becoming increasingly resilient against cyber-attacks with strengthening of cyber security and preparedness and response capabilities helping to mitigate the impact of some of the large cyber losses in 2025 to date. However, the reliance on digital supply chains, impact of expanding privacy regulation, and more sophisticated social engineering attacks targeting employees are also broadening the scope of potential losses for all companies, according to the latest Cyber Security Resilience Outlook from Allianz Commercial.
During the first half of 2025, analysis of Allianz Commercial cyber claims shows the overall frequency of notifications was in line with activity a year earlier with around 300 claims. Despite the increasing sophistication and volume of attacks companies face, claim severity has declined by more than 50%, while the frequency of large loss claims is down by around 30%, driven by larger companies' cumulative investments in cyber security, detection and response. However, the expanding risk landscape means there is no room for complacency. Ransomware attacks remain the top driver of cyber incidents while the focus of attackers is also shifting to smaller or mid-sized companies which are less resilient against cyber-attacks and data breaches. Overall, the total number of cyber claims in 2025 is expected to remain stable (around 700), with a seasonal uptick in activity expected around Black Friday at the end of November to year-end.
"Several ransomware events have hit the headlines this year, but overall, we see that insured losses from these attacks have decreased in 2025 to date. Insureds' increased detection and response capabilities are helping to stop some attacks at an early stage. Every step an attacker progresses, and every minute that they are in the system, the impact goes up exponentially. The cost of a ransomware attack that progresses to data theft and encryption can be 1,000 times higher than an incident that is detected and contained early," explains Michael Daum, Global Head of Cyber Claims at Allianz Commercial.
Ransomware remains biggest driver of cyber insurance claims

Ransomware attacks accounted for around 60% of the value of large claims during the first half of 2025. High-profile incidents across many industries underscore ongoing threats, although there are signs international co-ordination by law enforcement agencies and the strengthening of cyber security by large corporates is having a positive impact. Attackers are also shifting focus to smaller firms, which are typically less resilient than multinationals, as well as firms in other territories, such as in Asia or Latin America. Ransomware was involved in 88% of data breaches at small and medium firms compared to 39% at large firms, according to Verizon.
As large companies have improved their response capabilities, recent years have seen a shift from purely extortion-based ransomware attacks to double extortion including data exfiltration – 40% of the value of large cyber claims during the first half of 2025 included data theft, up from 25% in all of 2024. Losses involving data exfiltration were more than double the value of those without. The average global data breach cost hit a record high at almost US$5mn in 2024, driven by factors such as the impact of stricter data privacy regulation.
The retail sector has been particularly vulnerable to cyber incidents, entering the top three of most impacted industries, according to analysis of large cyber claims over the past five years, accounting for 9% of claims by value after manufacturing (33%) and professional services firms (18%). Retailers often have high revenues, handle large volumes of personal data, and are vulnerable to business interruption, which all provide leverage when making extortion demands. Large numbers of staff, suppliers and IT systems create a wide attack surface.
Meanwhile, an expanding risk landscape is also broadening the potential scope of losses for companies, with non-attack incidents, such as wrongful collection and processing of data, as well as technical failure, accounting for a record 28% of large claims by value during 2024. At the same time, organizations continue to face new challenges and threats from their growing reliance on digital supply chains, the impact of expanding privacy regulation, and the increasing number of social engineering attacks involving sophisticated impersonations of company staff to gain access to company systems.
Cyber resilience gaps in Asia Pacific amidst an increasingly threatening landscape

The Asia Pacific region experienced the most cyber-attacks in 2024, increasing 13% year-on-year and accounting for 34% of attacks globally, according to IBM. This is corroborated by AON, which reported a 22% rise in cyber insurance claims for Asia Pacific in 2024 over the prior year. Ransomware is also a major concern, and accounts for all of Allianz Commercial's cyber losses in Asia for the first half of 2025.
"A significant number of companies have selected Asia as home for their complex supply chains as well as outsourcing of key business processes. While organizations recognize third-party and supply chain risk, in practice this is a challenge to mitigate and requires significant cross-functional collaboration internally, from the IT, procurement, to legal and compliance departments. Over the past few years, we have seen increased claim activity resulting from IT supply chain risks, in the form of both malicious attacks and technical failures. As a result, there continues to be an uptick in contractually driven cyber insurance purchases. Businesses in Asia, in particular large companies, have also shown an increase in cyber resilience and appetite for cyber risk transfer solutions, although their overall cyber coverage is generally lower compared to American or European peers.
"That said, a significant portion of large organizations still remain self-insured, and the same applies to small and medium enterprises, which are less resilient and more vulnerable to cyber risks. Asian businesses with overseas presence should also consider multinational cyber solutions, especially those with operations in Australia, US and UK which tend to experience more substantial financial losses arising from privacy litigation and data breaches," says Karlis Trops, Head of Cyber & Tech Professional Indemnity at Allianz Commercial Asia.
"The global cyber insurance market is predicted to more than double to close to US$30bn by the end of the decade, yet penetration remains relatively low. We need to underline that cyber insurance plays an important role in helping build resilience at a time of rapid technological and regulatory change. Many companies remain unaware of the breadth of coverage offered, which can include costs associated with breach response, business interruption, and regulatory fines and penalties," says Jarrod Schlesinger, Global Head of Financial Lines and Cyber at Allianz Commercial.

Hashtag: #Allianz
https://commercial.allianz.com/
https://www.linkedin.com/company/allianz-commercial/

The issuer is solely responsible for the content of this announcement.

Allianz Commercial

Allianz Commercial is the center of expertise and global line of Allianz Group for insuring mid-sized businesses, large enterprises and specialist risks. Among our customers are the world's largest consumer brands, financial institutions and industry players, the global aviation and shipping industry as well as family-owned and medium enterprises which are the backbone of the economy. We also cover unique risks such as offshore wind parks, infrastructure projects or film productions. Powered by the employees, financial strength, and network of the world's #1 insurance brand, we work together to help our customers prepare for what's ahead: They trust us in providing a wide range of traditional and alternative risk transfer solutions, outstanding risk consulting and Multinational services as well as seamless claims handling. Allianz Commercial brings together the large corporate insurance business of Allianz Global Corporate & Specialty (AGCS) and the commercial insurance business of national Allianz Property & Casualty entities serving mid-sized companies. We are present in over 200 countries and territories either through our own teams or the Allianz Group network and partners. In 2024, the integrated business of Allianz Commercial generated around €18 billion in gross premium globally. https://commercial.allianz.com/