Cyber Claims In 2025: Severity Down For The Well Prepared – Risks Rising For Everyone Else
Allianz’s latest analysis of global cyber claims shows a striking split. Among well-insured, well-prepared organizations, claim severity fell by more than 50% in the first half of 2025 and the frequency of large losses (less than EUR1M) dropped ~30%. Allianz attributes this largely to stronger controls, faster detection/response, and disciplined incident playbooks at larger insured firms.
But that’s not the whole picture. Attackers are shifting toward mid-sized and less well-protected companies, including many in Asia and Latin America, where defenses and insurance uptake can be thinner. Ransomware remains the top loss driver by value, with operators increasingly using credential theft and social engineering to move quickly, and “double-extortion” data exfiltration now outpacing encryption as a cost driver.
What’s Really Changing (According to Allianz’s Report)
- Prepared, insured firms are containing losses. Investments in MFA, segmentation, backups, patching, MDR, and tabletop exercises are paying off; early containment can reduce costs by orders of magnitude.
- Ransomware tactics have evolved. Data theft (exfiltration) is faster, easier, and often more damaging than pure encryption; it accounted for ~40% of large-claim value so far 2025, with losses more than double incidents without exfiltration.
- Supply chain and technical outages matter. Contingent business interruption (CBI) from suppliers and non-attack technical failures (such as outages) are a growing share of large losses.
- The resilience gap is widening. Insureds’ loss impact rose ~70% over four years in Germany, versus a ~250% rise in the overall economic impact of cybercrime – proof that structured risk management and insurer-supported response improve outcomes.
The Uncomfortable Question
If severity is falling for insured, well-prepared enterprises, what about organizations that haven’t implemented stronger controls — or don’t carry cyber insurance?
Allianz’s claims narrative is blunt: incident responders are “very busy” with uninsured and smaller companies, and ransomware is “migrating down the chain” to targets that are easier to penetrate. That’s where today’s loss severity is likely to concentrate next.
Practical Next Steps (Playbook That Works)
Use insurance as a resilience lever: Beyond transfer, quality cyber policies bundle threat intel, MDR discounts, IR vendors, and post-event forensics – advantages reflected in the claims results.
Close the basics: MFA everywhere (especially email/admin), least-privilege access, rapid patching, tested offline backups, network segmentation.
Train for the real threat: Social-engineering drills focused on credential theft and help-desk impersonation; make “verify before you reset” a rule.
Map your dependencies: Identify your critical SaaS, cloud, and IT service providers; set CBI workarounds and contractual/security requirements.
Rehearse incidents: Run tabletop exercises for ransomware + data-exfiltration scenarios; measure detection/containment time and decision latency.
What This Really Means For Your Organization
The data is encouraging: companies that invest in resilience and carry cyber insurance are weathering attacks with less damage. But the same reports make it clear – attackers aren’t going away, they’re just shifting focus. If your defenses are lighter or your business isn’t insured, you’re exactly the type of target threat actors are counting on.
Cyber insurance is no longer just a financial backstop. The right policy also connects you to incident response teams, forensic experts, and recovery support at the exact moment you need them most. That’s why insured companies are seeing very different outcomes in 2025 compared with the uninsured.
At One World Cover, we help organizations secure tailored cyber cover backed by top insurers, so you’re not left facing today’s ransomware and data-theft landscape alone.
To learn more please get in touch: [email protected] or click here to contact us.
