Data Privacy Breaches Drive Surge in Cyber Claims Reports Allianz
Data Privacy Breaches Drive Surge in Cyber Claims Reports Allianz
The frequency and severity of large cyber insurance claims have risen sharply in 2024, driven by a growing number of data and privacy breaches, according to Allianz Commercial’s latest cyber risk outlook.

In the first half of the year, the frequency of large cyber claims (exceeding €1 million) increased by 14%, while the severity of losses surged 17%, a significant jump compared to just 1% growth in 2023. Two-thirds of these major claims were linked to data and privacy breaches.

A rising trend in class action lawsuits, particularly in the U.S., has significantly contributed to these escalating costs. Large U.S. and international corporations are facing an increasing number of lawsuits related to privacy violations, which has driven up both the frequency and the financial impact of cyber claims.

While the overall number of cyber claims is expected to stabilize in 2024, this follows a sharp 30% rise in claims in 2023, which saw over 700 incidents reported. Allianz’s data highlights that cyber risks, particularly those related to data and privacy breaches, continue to pose a growing threat to companies worldwide.

“The growing significance of data breach losses among cyber insurance claims is driven by a number of notable trends,” explains Michael Daum, Global Head of Cyber Claims, Allianz Commercial. “A rise in ransomware attacks including data exfiltration is a consequence of changing attacker tactics and the growing interdependencies between organizations sharing ever more volumes of personal records. At the same time, the evolving regulatory and legal environment has brought an uptick in so-called ‘non-attack’ data privacy-related class action litigation, resulting from incidents such as wrongful collection and processing of personal data – the share of these claims has tripled in value in two years alone.”

‘Non-attack’ claims increase as privacy litigation ramps up

The rise in ‘non-attack’ data privacy claims is the consequence of developments in technology, the growing commercial value of personal data, and a developing regulatory and legal landscape. For example, unlike the EU’s General Data Protection Regulation (GDPR), privacy regulations in the US are less prescriptive and open to interpretation, while plaintiff lawyers are hungry for potential sources of revenue. This is creating a grey area that is ripe for class action litigation, the report notes.

“We are seeing more data privacy breach claims in the US where there is a growing trend for class action litigation against large US and international corporations related to privacy violations, such as around consent and data usage,” says Daum. “The cost of some of these claims can be even larger than a ransomware incident, in the hundreds of millions of dollars.”

Data Breaches Drive Surge in U.S. Class Action Lawsuits

Over the past year, data breaches have surged as one of the fastest-growing areas of U.S. class action litigation. According to law firm Duane Morris, more than 1,300 data breach class action lawsuits were filed in 2023—more than double the 2022 total and four times the 2021 figure. These lawsuits spanned a wide range of data privacy regulations, with companies across sectors like healthcare, social media, and gaming targeted for using tracking tools such as Meta Pixel to monitor consumer behavior. Entertainment streaming platforms were also scrutinized for alleged privacy violations.

Large data breaches often trigger waves of litigation. In 2023, over 240 lawsuits related to the MOVEit data breach were consolidated into a single multidistrict litigation (MDL). The top 10 data breach class action settlements last year amounted to $516 million, a significant rise from the $350 million total in 2022, reflecting the growing incentives for both parties to settle as the number of claimants increases.

Europe is also seeing a rise in data breach litigation. Heightened awareness of data protection rights, more third-party litigation funding, and a consumer-friendly legal environment are contributing to an uptick in mass data privacy claims, although not yet on the scale of the U.S.

AI’s Role in Shaping Future Data Privacy Risks

As artificial intelligence (AI) becomes more prevalent across industries, it will play a key role in reshaping the cyber and privacy risk landscape. AI relies heavily on the collection of personal, health, and biometric data to train models and make predictions. This data, if not managed securely, could lead to privacy and security risks, especially through AI tools like chatbots. Inadequate data protection could result in breaches of privacy laws, with companies failing to obtain proper consent to process personal information.

Cybersecurity Failures Leading to Increased Risk

Despite growing investment in cybersecurity, many major data breaches over the past 18 months have been due to weak cyber defenses within organizations and their supply chains. These breaches often result in large claims involving regulatory fines, notification costs, third-party litigation, extortion demands, and business interruption losses. The report highlights the ongoing vulnerability of businesses to data exfiltration, underlining the importance of stronger cybersecurity measures to prevent future incidents.

“The insurance industry must also step up its focus on the data privacy side of cyber risk and has a key role to play in offering loss prevention and mitigation advice to businesses about this increasingly important area of exposure,” says Vanessa Maxwell, Global Head of Cyber and Financial Lines, Allianz Commercial. 

“The value of cyber insurance goes well beyond the payment of claims. Insurance helps companies make the business case for cyber security investment and to direct their resources towards the most effective measures.”

Data breach risks are best mitigated through good cyber hygiene, including strong access controls, database segregation, backups, patching and training. Having better oversight of any cyber weaknesses in their supply chains is an area where many companies need to improve.

“Early detection and response capabilities are also key. Around two thirds of breaches are typically reported by a third party or by the attackers themselves,” according to Rishi Baviskar, Global Head of Cyber Risk Consulting, Allianz Commercial. 

He says: “Cyber breaches that are not detected and contained early can end up being 1,000 times more expensive than those that are, the difference between a €20,000 loss turning into a €20mn one.

Baviskar  adds: “AI is also becoming an essential tool in the fight against cyber-attacks, as it can quickly identify a security breach and automatically isolate systems and databases, as well as having the potential to significantly reduce the cost and life cycle of a data breach claim by automating tasks, such as forensics and notifications, potentially saving companies millions of dollars.”

Source: Allianz

Share this article:

APPLY TO SPONSOR

Gain access to the most senior audience of insurance executives, entrepreneurs, and investors. We offer a wide range of opportunities for you to engage with our attendees from networking to thought leadership.

Sponsorship packages provide a wide range of opportunities developed for almost any budget and are designed to help achieve your branding, networking, and/or thought leadership goals. 

Insurtech Insights Europe 2025

Join us at Europe's largest insurtech conference at InterContinental London - The O2
on March 19-20th, uniting over 6,000 senior insurance professionals!