Large companies are getting better at avoiding cyberattacks, according to Allianz Commercial.

In the first half of this year, cyber claims numbers were flat at about 300, but claim severity fell by more than 50% compared with a year earlier, the insurer’s Cyber Security Resilience Outlook says.

The number of large loss claims fell by 30% as insureds invested in cybersecurity, detection and response. Allianz says this is prompting attackers to target small or mid-sized companies that are likely to be less resilient.

The insurer forecasts about 700 large company cyber claims this year, the same as in 2024. It expects a seasonal uptick around the Black Friday sales at the end of November.

Retailers are particularly susceptible to cyber incidents, the report says. They often have high revenues, handle large volumes of personal data and are vulnerable to business interruption.

“Large numbers of staff, suppliers and IT systems create a wide attack surface.”

Ransomware accounts for 60% of large cyber claims by value. And the scope of losses is broadening due to reliance on digital supply chains, stronger privacy regulation and sophisticated social engineering that targets employees.

Allianz Commercial global head of cyber claims Michael Daum says that every minute an attacker is in its victim’s system, “the impact goes up exponentially”.

Companies also face losses from “non-attack incidents” such as wrongful collection and processing of data, and technical failure. These accounted for a record 28% of large claims by value last year.