Cyber claim notifications across Europe fell in 2025, but privacy breaches, ransomware attacks, and third-party failures continued to generate costly losses, according to data compiled by Marsh.
The decline in notifications suggests some organizations are improving cyber defenses. The severity of cyber incidents, however, remained a concern for insurers, brokers and risk managers, particularly as privacy-related exposures and supply chain vulnerabilities persisted.
Marsh's Global Cyber Claims Trends Report, which analyzed cyber claims and incident notifications reported by clients across Europe during 2025, found that fewer large-scale systemic events contributed to the decline.
Privacy-related incidents were involved in about 73% of notifications, well above the global average. The report said the figure reflects Europe's regulatory environment and compliance requirements.
The finding points to a cyber risk profile that differs from many other regions. For insurers, privacy incidents can trigger regulatory scrutiny, legal expenses, notification costs, and reputational damage, even when operational disruption is limited.
Extortion-related incidents, including ransomware attacks and data theft threats, accounted for about 15% of notifications. These incidents remained a significant source of recovery expenses and business interruption losses.
Research published by cyber insurer Resilience found ransomware claim volumes dropped by 53% during the first half of 2025. The average cost of each incident, however, increased by 17%, suggesting that successful attacks continue to result in substantial losses despite lower claim frequency.
The findings indicate that insurers may still face large claims even as notification volumes decline. Claim frequency and claim severity are not moving in the same direction.
Florian Sättler, cyber incident management leader and cyber claims co-leader for Europe at Marsh, said the decline in notifications did not remove concerns around cyber losses.
"While cyber claim notifications fell across Europe in 2025, the severity of incidents remains a significant concern," Sättler said.
Sättler said privacy exposures, extortion, social engineering attacks, and third-party incidents continue to generate significant losses for organizations.
Marsh found that 14% of notifications were linked to incidents involving digital service providers, suppliers, and other external parties.
The figure highlights growing concerns around supply chain risk as organizations become increasingly dependent on interconnected technology systems and outsourced services.
Industry participants have reported increased scrutiny of vendor management practices and supply chain exposures. Cyber insurers are paying closer attention to how organizations assess and monitor third-party risks.
Manufacturing accounted for about 20% of notifications in 2025, increasing its share of reported claims. Food and beverage organizations also recorded a rise in notifications.
Manufacturers have become more dependent on connected production systems and operational technology, increasing exposure to cyber-related disruptions.
The findings arrive as cyber insurance pricing continues to soften in many markets, even as insurers maintain underwriting discipline around ransomware, systemic cyber threats and third-party exposures. The report also highlighted the role of regulation in shaping cyber risk across Europe.
Organizations continue to navigate obligations under the General Data Protection Regulation (GDPR) while preparing for the implementation of the Network and Information Security Directive 2 (NIS2), which introduces broader reporting and resilience requirements across the European Union.
Other industry studies have reached similar conclusions. Researchers have found that stronger cybersecurity controls have reduced the frequency of some incidents, but interconnected systems, third-party dependencies and regulatory requirements continue to complicate cyber risk management and incident response.
The data points to a market where cyber incidents may be occurring less often, but where the financial consequences of major events remain significant.