‘Non-attack’ cyber claims surge
Class actions and related claims over “non-attack” cyber incidents such as wrongful use of personal data have increased after regulatory and legal changes, Allianz says.
Commercial global head of cyber claims Michael Daum says the share of these claims has tripled in value in two years amid “growing interdependencies between organisations sharing ever more volumes of personal records”.
The frequency of cyber claims above €1 million ($1.93 million) at Allianz was up 14% in the first half of the year, while severity increased 17%.
New data privacy rules have driven growth, and breach-related elements were present in two-thirds of the large losses. In the US, privacy regulations are open to interpretation, creating a “grey area that is ripe for class action litigation”.
“There is a growing trend for class action litigation against large US and international corporations related to privacy violations, such as around consent and data usage,” Mr Daum said. “The cost of some of these claims can be even larger than a ransomware incident, in the hundreds of millions of dollars.”
Class action lawsuits have been launched across healthcare, social media and gaming over the use of tracking tools such as Meta Pixel to monitor consumer behaviour, while entertainment streaming platforms have also been targeted.
The top 10 data breach class action settlements last year totalled $US516 million ($764.24 million), up from $US350 million ($518.38 million) in 2022.
Allianz warns artificial intelligence tools such as chatbots can create privacy, misinformation and security risks if not properly managed.
“There are concerns around potential breaches of privacy laws, such as whether organisations have proper consent to process data through AI,” it said.
Weak cybersecurity can lead to large claims involving fines, notification costs and third-party litigation, in addition to extortion demands, first-party costs and business interruption.
Allianz recommends strong access controls, database segregation, back-ups, patching and training. It says AI is becoming an essential tool in the fight against cyberattacks, as it can quickly identify a security breach and automatically isolate systems and databases, and can automate tasks such as forensics and notifications.
Allianz expects the number of cyber claims to stabilise this year after a 30% increase in frequency to more than 700 last year.