What's driving large claims in cyber insurance?

Global cyber claims head outlines current trends

What's driving large claims in cyber insurance?

Cyber

By Terry Gangcuangco

Large cyber insurance claims (exceeding €1 million) have risen in both frequency and severity in the first half, with two-thirds of the losses consisting of elements tied to data and privacy breach incidents.

According to Allianz Commercial’s latest cyber risk outlook, large cyber claims saw a 14% increase in frequency and 17% in severity year-on-year during the first six months of 2024. Class action lawsuits, particularly in the US, are pushing costs higher for companies involved in privacy violations.

Michael Daum (pictured), global head of cyber claims at Allianz Commercial, said the growing significance of data breach losses among cyber insurance claims is driven by several notable trends.

“A rise in ransomware attacks including data exfiltration is a consequence of changing attacker tactics and the growing interdependencies between organisations sharing ever more volumes of personal records,” he pointed out.

“At the same time, the evolving regulatory and legal environment has brought an uptick in so-called ‘non-attack’ data privacy-related class action litigation, resulting from incidents such as wrongful collection and processing of personal data.”

According to Daum, the share of such non-attack claims has tripled in value in just two years.

“We are seeing more data privacy breach claims in the US where there is a growing trend for class action litigation against large US and international corporations related to privacy violations, such as around consent and data usage,” Daum noted, highlighting that these legal battles can be costlier than ransomware incidents.

Figures from law firm Duane Morris show that data privacy-related lawsuits filed in 2023 in the US more than doubled to over 1,300 from 2022. Notably, the 2023 MOVEit data breach led to more than 240 lawsuits that were subsequently consolidated, showing how a single incident can result in massive litigation costs.

Meanwhile the increasing use of artificial intelligence in various sectors is expected to further alter the cyber and privacy risk landscape. AI’s reliance on vast datasets – often containing personal, health, and biometric information – creates new risks for breaches and privacy violations, especially if tools like chatbots are mismanaged or companies fail to secure proper consent for data processing.

What do you think about this story? Share your thoughts in the comments below.

Related Stories

Keep up with the latest news and events

Join our mailing list, it’s free!