Cyber criminals target smaller companies

Hackers have changed their strategy - and they've announced it: instead of only targeting large corporations, they are now specifically targeting small and medium-sized companies. The reason? These companies are often less secure, have weaker IT structures and still offer worthwhile data. This is precisely what makes them ideal targets for cyber criminals, as the German newspaper Handeslblatt reports.

Industrial insurer Allianz Commercial received around 300 claims notifications for cyber incidents in the first half of 2025 alone. For the year as a whole, around 700 cases are expected - a level similar to the previous year. Although the amount of damage has halved in this period and losses in the millions have also fallen by 30%, Allianz warns that this is no reason to sound the all-clear.

Less damage - but more attacks on the weak

According to Allianz Commercial, the decline in major losses has a clear background: large companies with good protection - i.e. insurance, emergency plans and security measures - have become more resilient. They know how to react in an emergency. This is exactly what is having an effect.

But while corporations are upgrading, the focus of attackers is shifting: away from the well-protected DAX giants and towards small and medium-sized companies that do not have their own IT department or cannot afford sophisticated defense systems. And not only in Germany - the number of attacks is also increasing in countries with a low level of security, such as in Asia or South America.

Ransomware particularly affects the retail sector

The retail sector is currently being hit particularly hard. With a lot of customer data and high turnover, retailers are a popular target for so-called ransomware attacks. This is no longer just about data encryption: hackers copy sensitive data before locking the systems - and then threaten to sell or publish it if no ransom is paid.

Michael Daum, Global Head of Cyber Claims at Allianz Commercial, warns: "Companies with high turnover, a lot of personal data and weak information security are ideal targets for hackers."

But even large companies are not safe. They often depend on complex, digital supply chains that open up new vulnerabilities. The IT security of service providers and partners is therefore becoming increasingly important for a company's own risk management.

A real threat

SMEs are the backbone of the German economy - but are often as vulnerable digitally as a bicycle without a lock. If you still believe that cyber insurance is a luxury and firewalls are sufficient, then you are living in the digital Stone Age. Hackers are no longer just interested in large corporations. Anyone who thinks "it won't affect us anyway" will be offline tomorrow - and broke the day after tomorrow.