Cyber Insurance Claims Drop 50% — But Smaller Businesses Are Now the Prime Targets
Cyber insurance claim severity dropped by more than 50% in the first half of 2025, according to Allianz Commercial’s Cyber Security Resilience 2025 report. That sounds like great news — until you dig deeper.
While large corporations are becoming harder to penetrate, attackers are pivoting toward smaller, less-protected firms — including professional services, tech startups, and manufacturers. In short: the battlefield has moved downstream.
The Shift: From Big Game Hunting to Small Business Targets
A few years ago, ransomware gangs chased multi-million-dollar payouts from global enterprises. Now, with those firms investing heavily in detection, response, and network segmentation, hackers are changing tactics.
Instead of targeting fortified enterprises, they’re going after smaller organizations with weaker defenses, faster paydays, and sensitive client data.
- 88% of data breaches at SMEs in 2025 involved ransomware — compared to just 39% among large corporations.
- Data theft (not encryption) is now the goal in 40% of large cyber claims — up from 25% in 2024.
- Supply chain compromises caused 15% of large claim losses, more than doubling from the previous year.
Even more concerning: cloud intrusions surged 136%, as attackers exploit the same tools businesses rely on to stay connected.
Why Professional Services and Tech Firms Are in the Crosshairs
Professional service firms — law, accounting, marketing, and consulting — are increasingly being viewed as soft targets with high-value data.
These firms store client records, financial details, and intellectual property — a gold mine for threat actors seeking ransom leverage.
Meanwhile, human error remains the weak link. Nearly 60% of breaches stem from employee mistakes or manipulation. Social engineering and AI-generated phishing are driving credential theft.
It’s not just data loss anymore. Privacy-related litigation is exploding. There were 1,500 data privacy lawsuits filed in the U.S. last year alone.
The Silver Lining: Prevention Is Paying Off
Allianz’s data shows insured companies’ proactive measures are working:
- Basic controls like patching, MFA, and network segmentation prevented many incidents entirely.
- Firms with active detection and response systems saw claims costs reduced by as much as 1,000x.
- Insured cyber losses rose only 70% over four years. This increase is small compared to a 250% rise in total global cybercrime costs.
In other words, insurance and prevention together create resilience.
What This Means for Your Business
If you’re a small or mid-sized business, the takeaway is clear: You are now the primary target.
Even if your company isn’t “big enough to hack,” your data — client files, contracts, or employee records — is.
Cyber insurance is no longer just a risk transfer tool; it’s a business continuity lifeline. Policies today not only pay for forensic recovery, legal defense, and ransom negotiation — they often include 24/7 access to cyber response teams that can contain incidents before they spiral.
Action Steps: Building Resilience in 2025 and Beyond
- Review your security controls: Enable multi-factor authentication across all systems and vendors.
- Train your employees: Human error drives most breaches. Ongoing awareness training matters.
- Map your vendor dependencies: Supply chain attacks are rising fast.
- Pair insurance with prevention: Use your policy benefits — hotlines, breach coaches, and vendor response partners — before you need them.
- Reevaluate your limits: Cyber claim severity may be down, but costs like regulatory fines and lawsuits are rising sharply.
Final Thought
The Allianz report confirms what many of us in the insurance industry have seen firsthand. The cyber threat landscape isn’t shrinking. It’s shifting.
For businesses that rely on client trust and data integrity, cyber insurance isn’t optional. It’s essential.
Because in 2025, the question isn’t if your systems will be tested — it’s how prepared you are when they are.
-JK
Cybercriminals Are Targeting Small Businesses – Is Yours Next?
Your Business Is Being Targeted—Even If You Don’t Realize It
It’s not just big corporations making headlines anymore. Small and midsize businesses are now prime targets for cybercriminals—and the numbers don’t lie.
Ransomware remains the most disruptive threat in today’s digital world. The newly released Cyber Threat Index 2025 from Coalition reveals how these attacks are happening. It shows why it’s time to take this risk seriously.
Startling Realities from the Report:
- 58% of ransomware attacks in 2024 began with a breach of VPNs or firewalls
- 18% involved remote desktop tools
- 47% began with stolen or guessed login credentials
- Email phishing and unpatched software rounded out the top attack methods
What This Means for Your Business
Think about the systems your team uses every day—remote logins, email, cloud apps. Now imagine they’re all frozen… encrypted by criminals demanding a six-figure ransom just to give you back control.
It’s not science fiction. It’s happening to businesses just like yours—some of them never recover.
The worst part? Most attacks succeed not because the defenses are complex, but because they’re familiar. Cybercriminals keep reusing the same tactics because they still work.
And while enterprise-level companies have IT teams monitoring for threats around the clock, many small and midsize businesses don’t. That’s where cyber insurance becomes more than a policy—it becomes a lifeline.
How Cyber Insurance Protects You:
A robust cyber insurance policy can help cover:
- Ransom payments (where legal)
- Digital forensics and IT recovery
- Business interruption and income loss
- Data restoration and rebuilding
- Regulatory fines and legal defense
- Customer notifications and credit monitoring
4 Things You Can Do Right Now:
- Harden remote access tools – Use multi-factor authentication (MFA) across VPNs and remote desktops
- Educate your team – A well-timed click on a phishing email can cost your business everything
- Patch and update software – Vulnerabilities in outdated tools are low-hanging fruit for attackers
- Review your cyber insurance – Your policy should reflect your current systems and risks
Final Thought:
Cybercriminals aren’t getting more creative—they’re just getting more persistent. And far too many businesses are still unprepared.
The good news? Cyber insurance remains one of the most affordable forms of protection available. This is especially true when compared to the skyrocketing premiums you see in property or commercial auto.
If you’re not sure whether your coverage is enough, let’s have a conversation. Or if you don’t have cyber protection in place at all, let’s talk.
It could be the most important step you take for your business this year.
-JK
POV: The Incredible Anxiety of a Cyber Attack
As someone who helps businesses with the placement of their insurance policies and with risk management advice, this video from Travelers Insurance hits powerfully when I watch it.
I’ve experienced this exact situation first-hand at least several times. A client calls in terror because their computer network was breached. Either they are shut down to the point where not a single employee can get on the network to function, or a hacker has breached their network and stolen hundreds of thousands of dollars from their accounts.
The incredible fear and anxiety it creates is off the charts. This video is a true personification of this very circumstance.
My biggest piece of advice is this: please don’t think that your business is immune to these types of circumstances. This CAN happen to any business, large or small.
The most crucial step a business can take to avoid a cyber attack is to establish a robust cyber security culture. This culture should include consistent employee training. Educate all team members on cyber hygiene practices. Teach them to recognize phishing emails. Encourage them to use strong, unique passwords. Additionally, ensure they secure their devices. Human error is one of the leading causes of data breaches. Employees who are aware of and actively follow security best practices can significantly reduce the risk of an attack.
Whether you have an internal IT team managing your computer network or use an MSP (Managed Service Provider), ensure they have the proper protocols in place. These protocols should mitigate breaches within your computer network.
Also, don’t overlook a cyber insurance policy. It can help manage the costs of a cyber attack with both “1st Party Coverage,” which focuses on your own losses and expenses directly resulting from a cyber incident, and “3rd Party Coverage,” which focuses on liability to third parties affected by the cyber incident, including legal and regulatory costs.
The cyber insurance market is competitive as of the date of this post. This means rates are low for the coverage offered. Underwriting is also relatively soft. It’s not difficult to secure a robust policy with a low annual premium.
If you have questions about the above, reach out today. You might want to know about a recommended MSP (Managed Service Provider) for your business. Or you may have questions about the cost and terms of a cyber insurance policy.
-JK
