For data breach cases where the attacker was detected by a third-party, it took an average of 91 days to notice the attacker since 2019.

In 2025, 31% of DDoS attacks routed malicious traffic through Germany.

Targeted Sectors (Web Application and API Protection - WAAP) The analysis shows a shift in affected sectors between the first half of 2024 and the first half of 2025:

Data breach response / crisis management coverage was triggered in 24.5% of all claims overall, with a slightly higher incidence in excess claims (26.7%) compared to primary claims (23.6%).

Extortion coverage was triggered in 11.9% of all claims, showing a significant difference between primary claims(15.6%) and excess claims (3.3%), indicating it is far more common at the primary layer.

Other insuring agreements (average) were triggered as the main driver of loss in 1.6% of claims, triggered with some loss impact in 1.4%, triggered with no loss impact known in 0.5%, and not triggered in 96.6%.

2018: 46.2% of large losses came from other causes, 37.9% from data breaches, and 15.9% from ransomware. Ransomware started to emerge as a meaningful driver of big cyber claims.

In 2020, victims paid on average 37.4% of the initial ransom demand.

Average initial ransom demand (based on all cases with ransom demand) in 2023: $32.25 million.

In 24.6% of large ransomware claims, attackers used phishing to infiltrate systems.

In 2022, victims paid on average 42.0% of the initial ransom demand.

The average duration business operations were affected by ransomware in retail was 32 days.

20% of organizations actively pursuing CMMC 2.0 certification are in Asia-Pacific.

Extortion was triggered as the main driver of loss in 11.9% of claims (primary 15.6%, excess 3.3%), triggered with some loss impact in 11.6%, triggered with no loss impact known in 9.6%, and not triggered in 66.9%.

2020: 27.3% of large losses came from other causes, 29.2% from data breaches, and 43.4% from ransomware. Ransomware remained a dominant source of costly claims.

The Link11 network recorded 225% more DDoS attacks in the first half of 2025 compared to the same period last year.

The longest DDoS attack in the first half of 2024 lasted 1,523 minutes (approximately 1 day and 1 hour).

2019: 28.1% of large losses came from other causes, 29.2% from data breaches, and 45.1% from ransomware. Ransomware surged and became the leading cause of major cyber claims for the first time.

Ransomware incidents often lead to significant business interruptions, with some level of systems shutdowns occurring in approximately 92% of these cases.

For data breach cases where the attackers themselves disclosed the breach, it took an average of 38 days to notice the attacker prior to 2019.