Cyber Insurance Claims Drop 50% — But Smaller Businesses Are Now the Prime Targets
Cyber insurance claim severity dropped by more than 50% in the first half of 2025, according to Allianz Commercial’s Cyber Security Resilience 2025 report. That sounds like great news — until you dig deeper.
While large corporations are becoming harder to penetrate, attackers are pivoting toward smaller, less-protected firms — including professional services, tech startups, and manufacturers. In short: the battlefield has moved downstream.
The Shift: From Big Game Hunting to Small Business Targets
A few years ago, ransomware gangs chased multi-million-dollar payouts from global enterprises. Now, with those firms investing heavily in detection, response, and network segmentation, hackers are changing tactics.
Instead of targeting fortified enterprises, they’re going after smaller organizations with weaker defenses, faster paydays, and sensitive client data.
- 88% of data breaches at SMEs in 2025 involved ransomware — compared to just 39% among large corporations.
- Data theft (not encryption) is now the goal in 40% of large cyber claims — up from 25% in 2024.
- Supply chain compromises caused 15% of large claim losses, more than doubling from the previous year.
Even more concerning: cloud intrusions surged 136%, as attackers exploit the same tools businesses rely on to stay connected.
Why Professional Services and Tech Firms Are in the Crosshairs
Professional service firms — law, accounting, marketing, and consulting — are increasingly being viewed as soft targets with high-value data.
These firms store client records, financial details, and intellectual property — a gold mine for threat actors seeking ransom leverage.
Meanwhile, human error remains the weak link. Nearly 60% of breaches stem from employee mistakes or manipulation. Social engineering and AI-generated phishing are driving credential theft.
It’s not just data loss anymore. Privacy-related litigation is exploding. There were 1,500 data privacy lawsuits filed in the U.S. last year alone.
The Silver Lining: Prevention Is Paying Off
Allianz’s data shows insured companies’ proactive measures are working:
- Basic controls like patching, MFA, and network segmentation prevented many incidents entirely.
- Firms with active detection and response systems saw claims costs reduced by as much as 1,000x.
- Insured cyber losses rose only 70% over four years. This increase is small compared to a 250% rise in total global cybercrime costs.
In other words, insurance and prevention together create resilience.
What This Means for Your Business
If you’re a small or mid-sized business, the takeaway is clear: You are now the primary target.
Even if your company isn’t “big enough to hack,” your data — client files, contracts, or employee records — is.
Cyber insurance is no longer just a risk transfer tool; it’s a business continuity lifeline. Policies today not only pay for forensic recovery, legal defense, and ransom negotiation — they often include 24/7 access to cyber response teams that can contain incidents before they spiral.
Action Steps: Building Resilience in 2025 and Beyond
- Review your security controls: Enable multi-factor authentication across all systems and vendors.
- Train your employees: Human error drives most breaches. Ongoing awareness training matters.
- Map your vendor dependencies: Supply chain attacks are rising fast.
- Pair insurance with prevention: Use your policy benefits — hotlines, breach coaches, and vendor response partners — before you need them.
- Reevaluate your limits: Cyber claim severity may be down, but costs like regulatory fines and lawsuits are rising sharply.
Final Thought
The Allianz report confirms what many of us in the insurance industry have seen firsthand. The cyber threat landscape isn’t shrinking. It’s shifting.
For businesses that rely on client trust and data integrity, cyber insurance isn’t optional. It’s essential.
Because in 2025, the question isn’t if your systems will be tested — it’s how prepared you are when they are.
-JK
POV: The Incredible Anxiety of a Cyber Attack
As someone who helps businesses with the placement of their insurance policies and with risk management advice, this video from Travelers Insurance hits powerfully when I watch it.
I’ve experienced this exact situation first-hand at least several times. A client calls in terror because their computer network was breached. They are either shut down to a point where not a single employee can get on the network to function, or a hacker breaches their network and steals hundreds of thousands of dollars from their accounts.
The incredible fear and anxiety it creates is off the charts. This video is a true personification of this very circumstance.
My biggest piece of advice is: please don’t think that your business is invincible to these types of circumstances. This CAN happen to any business, large or small.
The most crucial step a business can take to avoid a cyber attack is to establish a robust cyber security culture. This culture should include consistent employee training. Educate all team members on cyber hygiene practices. Teach them to recognize phishing emails. Encourage them to use strong, unique passwords. Additionally, ensure they secure their devices. Human error is one of the leading causes of data breaches. Employees who are aware of and actively follow security best practices can significantly reduce the risk of an attack.
Whether you have an internal IT team managing your computer network, or utilize an MSP (Managed Service Provider), ensure they have the proper protocols in place. These protocols should mitigate breaches within your computer network.
Also, don’t overlook a cyber insurance policy. It can help manage the costs of a cyber attack with both “1st Party Coverage,” which focuses on your own losses and expenses directly resulting from a cyber incident, and “3rd Party Coverage,” which focuses on liability to third parties affected by the cyber incident, including legal and regulatory costs.
The cyber insurance market is competitive as of the date of this post. This means rates are low for the coverage offered. Underwriting is also relatively soft. It’s not difficult to secure a robust policy with a low annual premium.
If you have questions about the above, reach out today. You might want to know about a recommended MSP (Managed Service Provider) for your business. Or you may have questions about the cost and terms of a cyber insurance policy.
-JK
Cyber Risks Lead 2024 Business Concerns in Travelers Survey
For 11 years, Travelers has posted an annual Risk Index. The Risk Index is a survey that looks at the top concerns of U.S. businesses, and how they manage them.
Their 2024 survey takes a deep dive into the top concerns of U.S. business leaders from small, medium and large businesses across a wide range of industries.
Some of these risks involve well-known issues, like rising medical costs, broad economic uncertainty, and the ability to attract and retain talent.
Cyber risks are the #1 business concern in 2024 per the survey. 62% of the 1,200 or so respondents cited cyber as a top concern.
Cyber ranked higher as a concern than medical cost inflation (59%), increasing employee benefits costs (59%), broad economic uncertainty (59%), and the ability to attract and retain talent (54%). Medical cost inflation was the highest concern last year.
I included a link to the 2024 Risk Index above but here’s the LINK again for reference.
If you have questions about cyber insurance coverage or would like to see what the cost would be for a cyber insurance policy for your company, please contact me to discuss.
-JK
