Ransomware attacks are increasingly targeting smaller and mid-sized firms as cybercriminals adapt their strategies. According to the Allianz Cyber Security Resilience 2025 report, 88% of breaches at these smaller organizations involved ransomware, compared to 39% at larger enterprises. This shift indicates that hardened defenses at major corporations have prompted attackers to seek easier prey, leading to ransomware remaining the foremost cause of significant cyber claims.
In the first half of 2025, ransomware accounted for approximately 60% of claims valued at over €1 million. Attackers are evolving their methods, moving beyond encryption to focus on data exfiltration. This shift not only complicates remediation efforts but also highlights the high value of stolen data. Exfiltration demands less effort than encryption and is often more effective in prompting ransom payments.
The average global cost of a data breach reached nearly $5 million last year, with rising privacy regulations and litigation risks amplifying financial exposure. Cybercriminals are increasingly leveraging human vulnerabilities, utilizing social engineering, phishing, and business email compromise. The rise of generative AI has enhanced the sophistication of these tactics, making them more convincing and effective.
Groups like Scattered Spider exemplify this trend, employing fake help desk calls and credential abuse to escalate from account takeover to ransomware deployment within a mere 24 hours. The retail sector has emerged as the most targeted industry in early 2025, ranking just behind manufacturing and professional services in total losses since 2020. The combination of vast amounts of personal data and complex supply chains makes retailers particularly appealing targets for cybercriminals.
Emerging Threats and Financial Implications
The report also highlights the growing threat of supply chain disruptions as a source of claims. Incidents affecting suppliers can lead to significant business interruptions, and the number of cloud security incidents is on the rise. Even organizations with robust internal controls may suffer severe impacts if a vendor experiences an outage or breach.
Not all financial losses stem from malicious activity; technical failures and privacy missteps are increasingly contributing to claims. For the first time, Allianz’s dataset includes business interruption linked to IT outages, spurred by a global service disruption affecting millions of systems. Additionally, privacy litigation has surged, with over 1,500 lawsuits filed in the United States last year.
Despite the evolving threat landscape, Allianz’s analysis indicates positive trends among insured firms. Overall claims severity has decreased by more than 50% in the first half of 2025, while the incidence of very large claims has dropped by about 30%. Preparedness plays a critical role in this improvement. Basic security measures, including patching, segmentation, backups, and multifactor authentication, have proven effective in limiting damage.
Early detection and response strategies can reduce losses significantly, with some organizations experiencing reductions in costs by a factor of 1,000. Regular tabletop exercises and comprehensive business continuity planning are highlighted as essential practices. Currently, business interruption accounts for over half the total value of cyber claims, underscoring the importance of preparedness in mitigating risks.
Regulatory Changes and Cyber Insurance Growth
The regulatory landscape is becoming more demanding. In Europe, the Digital Operational Resilience Act and the NIS2 directive will require enhanced risk management and reporting across critical sectors. These regulations may pose challenges, particularly for mid-sized firms lacking robust systems, but they are expected to drive improvements in overall resilience.
The cyber insurance market is expanding rapidly, projected to nearly double to $30 billion by 2030. Demand is especially strong among mid-sized companies and regions that have previously seen low uptake. According to Jarrod Schlesinger, Global Head of Financial Lines and Cyber at Allianz Commercial, the growth in insured firms correlates with a smaller increase in cyber loss impact compared to the overall rise in cybercrime.
“The global cyber insurance market is predicted to more than double by the end of the decade, yet penetration remains relatively low,” Schlesinger noted. He emphasized the importance of cyber insurance in enhancing resilience amid rapid technological and regulatory changes. Many companies continue to be unaware of the extensive coverage options available, which can encompass costs related to breach response, business interruptions, and regulatory penalties.
As the landscape of cyber threats continues to evolve, both small and mid-sized firms must remain vigilant and proactive in fortifying their defenses against increasingly sophisticated attacks.
