The world of cyber insurance has seen significant changes in 2024, with large cyber claims (those exceeding €1 million) becoming more frequent and severe. In the first half of the year, claims related to data and privacy breaches made up two-thirds of these large losses. This trend is reshaping how companies think about cyber risks, especially as class action lawsuits and privacy violations drive up costs.
Rising Claims: A 14% Increase in Frequency and 17% in Severity
According to Allianz Commercial’s latest cyber risk outlook, the frequency of large cyber claims has increased by 14% in the first six months of 2024, while the severity of these claims has risen by 17% year-on-year. A major factor behind these rising costs is the surge in class action lawsuits, particularly in the US, where companies are being sued for privacy violations. These lawsuits, often related to data collection and consent issues, are becoming a bigger threat than ransomware incidents for many organizations.
Ransomware and Data Breach Trends
Ransomware attacks continue to evolve, with a focus on data exfiltration—stealing sensitive data before demanding a ransom. The interconnected nature of modern businesses, sharing ever-increasing amounts of personal information, has made it easier for attackers to target multiple companies at once. As a result, data breaches are becoming a more frequent and costly component of cyber claims.
Non-Attack Data Breaches: A Growing Concern
A surprising trend has emerged with "non-attack" data privacy-related claims, where companies face legal action for issues like wrongful data collection or improper handling of personal information. These claims, which don’t involve an external attack, have tripled in value over the last two years. In the US, these cases are particularly prevalent, as large corporations find themselves targeted in class action lawsuits for failing to adhere to strict data privacy regulations. For example, the 2023 MOVEit data breach led to over 240 lawsuits being consolidated into a single massive litigation case.
The Impact of AI on Cyber Risks
As artificial intelligence (AI) becomes more integrated into daily operations, new risks are emerging. AI’s reliance on large datasets, which often contain sensitive personal, health, and biometric information, introduces fresh vulnerabilities for companies to manage. Misuse of AI tools like chatbots or failure to obtain proper consent for data usage can lead to serious privacy violations and open the door to costly lawsuits. This evolving technology is expected to further complicate the cyber risk landscape in the near future.
Looking Ahead: A Shifting Legal and Regulatory Environment
The rise in cyber insurance claims is closely tied to the growing legal and regulatory pressures companies face around the world. As governments implement stricter data protection laws, businesses must navigate an increasingly complex environment. Failing to comply can result not only in fines but also in class action lawsuits, which can significantly increase the financial burden of a data breach.
In conclusion, large cyber insurance claims are on the rise due to a combination of factors including ransomware attacks, data exfiltration, and non-attack privacy violations. As the landscape continues to shift, companies will need to adapt to the evolving risks, particularly those driven by new technologies like AI and ever-stricter regulations.
#cyberinsurance, #databreach, #cybersecurity, #classaction, #AIrisks, #ransomware, #privacyviolations, #regulations, #cyberclaims, #technology8
Comments