2025年网络安全弹性：索赔与风险管理趋势

Cyber securityresilience 2025 Claims and risk management trends commercial.allianz.com Contents Page 4Executive summary Expanding risk landscape drives Page 19Tech failure and outages make first large claims Claims and loss trends Page 20Privacy regulation and litigation continues to develop Page 9Cyber insureds take back control and gain momentumagainst attackers, but challenges remain Page 11Ransomware migrates to mid-sized and less well-protected firms as threat actors adapt to hardened Page 22Detection, response and trainingPage 23Reducing the cost of a claimPage 25Widening gap: Insureds grow more resilientPage 26Be prepared with tabletop exercisesPage 27Ransomware attacks highlight need for BI workaroundsPage 28The transformative power of AI-powered detectionPage 29Regulation set to raise the cyber resiliency barPage 30Insurance market trends Page 12Data exfiltration ranks as top loss driver Page 13The rise of social engineering – threat actors targetemployees as the weakest link Page 14Keys to the kingdom: Credentials overtake malware Page 15AI driving more effective social engineering and Page 16Retailers becoming the most targeted sector Page 17CBI/supply chain emerges as a key threat Executive summary The cyber risk and insurance landscape in 2025 reveals a complex and evolvingthreat environment where insured companies are becoming increasingly resilientagainst attacks with strengthening of cyber security and preparedness and responsecapabilities helping to mitigate the impact of large cyber losses in 2025 to date. Attackers are also shifting focus from well-protected largecorporations, particularly in the US and Europe, where thebar for a successful attack is now much higher, to mid-sized and smaller firms, which are less resilient, as well asfirms in other territories, such as in Asia or Latin America.Ransomware was involved in 88% of data breaches Claims and loss trends Analysis ofAllianz Commercialcyber claims shows theoverall frequency of notifications during 1H, 2025 wasin line with a year earlier (around 300 claims), after asignificant year-on-year increase during 2023 comparedwith 2022. Overall claims severity has declined by morethan 50% during 1H, 2025 while the frequency of largeloss claims (> €1mn) is down around 30%. However, the Ransomware shifts to mid-sized and less Ransomware remains the biggest driver of cyber insuranceclaims analyzed by frequency and value, accounting foraround 60% of the value of large claims (>€1mn) during1H, 2025. High-profile attacks across many industriesunderscore ongoing threats, although there are signsinternational co-ordination by law enforcement agenciesand the strengthening of cyber security by large corporates Data exfiltration a top loss driver As large companies have improved their responsecapabilities, recent years have seen a shift from purelyextortion-based ransomware attacks to double extortionincluding data exfiltration – 40% of the value of large cyberclaims (>€1mn) during 1H, 2025 included data theft, up from Data exfiltration is easier and faster for attackers thanencryption and increases the likelihood of ransompayments. The average global data breach cost hit arecord high (almost US$5mn) in 2024, driven by factorssuch as the impact of stricter data privacy regulation. Manufacturers, professional services, and retailers most Retailers top the list of industries attacked during 1H, 2025and are the third most impacted sector by cyber incidents,behind manufacturing and professional services, accordingto analysis of large cyber claims (>€1mn) since 2020.Companies in the manufacturing sector accounted for 33% Retailers often have high revenues, handle largevolumes of personal data, and are vulnerable to businessinterruption, which all provide leverage when makingextortion demands. They also tend to have large numbers The rise of sophisticated social engineering andcredential-based attacks Supply chain dependency risks The emergence of claims related to growing dependenciesof IT supply chains is a key emerging trend. Contingentbusiness interruption (CBI) supply chain events accountedfor 15% of large cyber claims (>€1mn) by value in 1H,2025, compared with 6% in 2024, according toAllianzCommercialanalysis. Such losses can result from bothattacks and technical faults, causing disruption to a Recent cyber-attacks display common tactics, includingusing sophisticated social engineering and compromisedcredentials to access networks, such as impersonatingan employee locked out of an IT system. Many attacksalso leverage suppliers or IT supply chains to accesssensitive information. Approximately 60% of breaches Scattered Spider, a hacking group behind recent attacksagainst casinos, retailers, airlines, and insurers, has usedcompromised access credentials and social engineeringand phishing tactics to gain access to an organization’ssystems rapidly. More than 10 attacks were attributed tothe group during 1H, 2025. Credenti