Increase in Data and Privacy Breaches Creating a Spike in Large Cyber Claims

by | Oct 17, 2024

Allianz Group, a major international insurer, has released a new report finding that cyber claims of over €1 million in value have seen a substantial spike in the first half of 2024. The leading cause is a similar spike in data and privacy breaches, as organizations fend off both attacks and follow-up lawsuits.

Of the global cyber claims logged thus far in 2024, about two-thirds have involved data and privacy breaches. In the United States, 100% of the claims involved a privacy breach of some sort. These claims are up 17% in value as compared to the whole of 2023, and are 14% more frequent.

Rash of data and privacy breaches driving insurance claim cost and frequency

While Allianz is projecting that cyber claims will stabilize in this half of 2024, the spike demonstrates that similar future surges in data and privacy breaches should be expected.

AI is something that could cause future spikes. The report warns that the data taken in by AI chatbots could be tapped into by hackers, accidentally exposed, or ultimately be penalized by developing regulations. Allianz also notes that some organizations are still behind the cyber security curve, sometimes on very fundamental issues. A little of half of all cyber claims during the period were prompted by a ransomware attack, indicating criminals are still experiencing high success rates in penetrating victim networks.

Another indicator of ongoing cyber security issues is that about two-thirds of incidents are still disclosed either by the attackers themselves or by some sort of third-party security researcher. Allianz notes that late detection massively spikes the cost of data and privacy breaches, up to 1,000 times in some cases.

The US not only leads in large cyber claims, with 72% of the 2024 total thus far, but also has data and privacy breaches connected to every one of them. Much of the claim spike is driven by an increase in lawsuits over such breaches, and the cost of these lawsuits is highest overall in the US.

Cyber claims just as often coming from privacy suits

When one thinks of cyber claims one naturally expects that they are filed in response to an attack, but the Allianz report notes that after-the-fact lawsuits are now as much or more of a factor. There is a particular spike from “hyperlitigation” that results when a managed services provider or some other upstream source is breached, causing follow-on client data and privacy breaches and a cascade of lawsuits.

The count of class action suits related to data and privacy breaches has been at least doubling each year since 2021, peaking at over 1,300 filed in 2023. A more recent development has been a sharp spike in the severity (average cost) of these claims. While the severity number held steady at a 1% increase in 2023, in 2024 it has already spiked 17% in only the first half of the year.

On the attacker front, some of this is driven by ransomware operators increasingly incorporating data theft and “double extortion” into their approaches. The litigation front is driving the spike in cyber claims with “non-attack” cases that involve data practices falling afoul of national and state regulations, which only continue to come online and tighten up over time.

Recent Posts

How can we help?

4 + 14 =

× How can I help you?