Cyber Claims Spike as Data Breach and Privacy Violations Drive Litigation Surge
Cyber claims have continued to rise in 2024, fueled by an increase in data and privacy breach incidents, according to Allianz Commercial’s annual cyber risk outlook. The insurer revealed a 14% increase in the frequency of large cyber claims (over €1 million) in the first half of 2024, with claim severity climbing 17%, compared to just 1% in 2023. Two-thirds of these large claims involve data and privacy breaches, underscoring the growing significance of cyber threats.
Michael Daum, Global Head of Cyber Claims at Allianz Commercial, attributes this uptick to the rise of ransomware attacks and the evolving tactics of cybercriminals. “A rise in ransomware attacks, including data exfiltration, stems from growing interdependencies between organizations sharing vast amounts of personal data,” he explains. Additionally, non-attack data privacy litigation—driven by wrongful data collection or processing—has seen a significant rise, with claim values tripling in just two years.
‘Non-Attack’ Data Privacy Claims Surge Amid Rising Class Action Litigation
The rise in ‘non-attack’ data privacy claims has been linked to the evolving regulatory landscape and increased commercial value of personal data. While the EU’s General Data Protection Regulation (GDPR) sets strict data privacy rules, US privacy regulations remain open to interpretation, creating fertile ground for class action litigation. Daum notes, “Class action lawsuits targeting privacy violations, such as consent and data usage, are surging in the US, with some claims exceeding the cost of major ransomware incidents.”
In 2023, more than 1,300 data privacy-related class actions were filed in the US—more than double the number in 2022. Industries such as healthcare, social media, and entertainment streaming platforms have been particularly targeted, with high-profile cases involving the use of tracking tools like Meta Pixel.
AI’s Role in Amplifying and Mitigating Data Breach Risks
Artificial intelligence (AI) is set to dramatically impact the cyber and privacy risk landscape. AI systems rely on vast amounts of personal and biometric data, posing potential privacy and security risks. AI tools like chatbots, if improperly managed, could lead to data breaches and violations of privacy laws.
Despite growing cybersecurity investments, many organizations still face vulnerabilities, particularly in their supply chains. Allianz emphasized the importance of good cyber hygiene—strong access controls, database segregation, backups, and patching—to mitigate these risks.
AI is also proving to be a vital tool in combating cyber-attacks. It can detect security breaches early, isolate systems, and automate tasks such as forensics and notifications, significantly reducing the cost of data breach claims.
Cyber Insurance’s Expanding Role in Cybersecurity
As data breaches and privacy violations become more prevalent, the role of cyber insurance is expanding. Beyond covering claims, insurance helps companies make a strong business case for investing in cybersecurity. Allianz’s Vanessa Maxwell, Global Head of Cyber and Financial Lines, stresses that insurers can provide essential loss prevention and mitigation advice, helping businesses navigate this growing threat.
Early detection and response to cyber breaches are critical, as undetected incidents can escalate from small losses into catastrophic events. Rishi Baviskar, Global Head of Cyber Risk Consulting at Allianz Commercial, highlights the importance of quick responses, “Cyber breaches that go undetected can become 1,000 times more expensive. The difference between a €20,000 loss and a €20 million one often comes down to early detection.”
With cyber threats continuing to evolve, companies must stay vigilant and invest in both cybersecurity measures and insurance coverage to protect against increasingly sophisticated attacks.