Allianz Risk Barometer 2026 -
Global risk #1: Cyber incidents (42%)

In 2026, cyber incidents is the top global risk for the fifth year in a row, with its highest-ever score (42% of responses), and by a higher margin than ever before (10%). It ranks as the main corporate concern in every region (Americas, Asia Pacific, Europe, and Africa and Middle East) surveyed in the Allianz Risk Barometer and is again ranked as the top risk for large (>US$500mn annual revenues), mid-sized ($100mn to $500mn) and smaller companies (<$100mn). 

The continued presence of cyber at the top of the Allianz Risk Barometer reflects a deepening reliance on digital technology at a time when the cyber threat landscape, geopolitical, and regulatory environments are fast evolving, according to Rishi Baviskar, Global Head of Cyber Risk Consulting at Allianz Commercial: “Large companies’ investments in cyber security and resilience have been paying off, ensuring they can detect and respond to attacks early. However, cyber risk continues to evolve. Organizations are increasingly reliant on third party providers for critical data and services, while artificial intelligence (AI) is supercharging threats, increasing the attack surface and adding to existing vulnerabilities.”

Businesses are conscious of the need to invest in protection against cyber incidents, including increasing AI-driven threats. Around 90% of respondents say they anticipate making a “moderate” (47%) or “high” (43%) investment in cyber loss prevention, with just 9% intending to make a low investment.

“The tools to protect against cyber-attacks are costly, yet the consequences of a successful incident are potentially catastrophic with huge business interruption and supply chain costs, as well as regulatory compliance and legal implications,” says Baviskar.

Against a background of increasing geopolitical tensions and heightened supply chain vulnerabilities, cyber is the risk of greatest concern across a broad range of industries, including manufacturing, aviation, chemicals, oil and gas, technology, telecommunications, transport, financial services, retail, food and beverage, and hospitality.

“We are now seeing costly attacks on businesses and supply chains outside the US and Europe, with notable incidents in Asia in 2025,” says Baviskar. “At the same time, regulations continue to tighten globally. Companies are increasingly exposed to tougher privacy and cyber security requirements in both home and export markets. For example, the European Union’s (EU) updated Product Liability Directive now extends to cyber security and covers AI, software and digital systems, across the supply chain.”

Of course, cyber crime is highly profitable, with groups operating on an industrial scale. According to the FBI [1], cyber crime losses in the US soared to a record $16.6bn in 2024, a 33% increase annually. Ransomware has evolved into a sophisticated ecosystem in which specialist groups known as initial access brokers gain unauthorized access to an organization’s systems, which they sell on to affiliates that carry out the attack and demand ransom payments. 

Cyber criminals are adept at exploiting vulnerabilities in cyber security – such as supply chains and employees – as well as leveraging the impact of business interruption and the release of sensitive data to extract ransom payments. According to Allianz Commercial cyber claims analysis, ransomware accounts for 60% of the value of large cyber claims (>€1mn) seen during the first half of 2025, while 40% of the value of large cyber claims seen during this period included data theft, up from 25% in all of 2024.

At the same time, attackers are also increasingly using AI to automate attack processes, which enables them to carry out more attacks, faster and more efficiently. AI is also lowering the bar for threat actors, making it easier for criminals who lack technical skills and ransomware expertise to execute attacks.

The continuing dominance of cyber risk in the Allianz Risk Barometer also reflects a growing reliance on third parties for critical data and digital services. Several attacks and outages have caused significant disruption to businesses, their supply chains, customers and the wider economy over the past 12 months, with notable incidents impacting many sectors in 2025. Attacks against two UK retailers alone caused estimated losses of up to £440mn ($585mn), according to the Cyber Monitoring Centre [2].

“Digital infrastructure and technology are now critical  to all businesses and their supply chains. Complex interconnected systems exist within organizations, third party suppliers and customers. As we have seen with recent incidents, a cloud outage, technical glitch or malicious attack can have huge implications for a business’s ability to produce and sell its goods and services, with the effects rippling through supply chains,” says Baviskar.

In addition to malicious incidents, outages of critical digital services and infrastructure due to technical glitches and/or human error are increasing in frequency and severity. Meanwhile, non-attack incidents, such as wrongful collection and processing of data, as well as technical failure, accounted for a record 28% of large claims (>€1mn) by value during 2024, according to Allianz Commercial claims analysis.

Of particular concern is the oversized reliance in some sectors or organizations on a small number of third-party suppliers in areas like cloud services, software as a service, AI solutions and data processing. More than three quarters [5] of companies use cloud services in most or all areas of their operations, yet just three companies control more than 60% [6] of the global cloud infrastructure. In November and December 2025, two separate outages at internet service provider Cloudflare disrupted thousands of websites, while major cloud service providers Amazon Web Services, Microsoft Azure and Google Cloud all suffered separate significant outages in 2025.