By Modupe Gbadeyanka
An arm of a global insurance firm, Allianz Group, Allianz Commercial, has revealed that cyber insurance claims are beginning to rise as a result of an increase in data and privacy breach incidents.
It, therefore, called on insurers to step up their focus on the data privacy side of cyber risk and offer loss prevention and mitigation advice to businesses.
In its annual cyber risk outlook, the firm said the frequency of large cyber claims in the first six months of 2024 was up 14 per cent while severity increased by 17 per cent, with data and privacy breach-related elements present in two-thirds of these large losses.
In the report, the Global Head of Cyber Claims at Allianz Commercial, Mr Michael Daum, pointed out that, “The growing significance of data breach losses among cyber insurance claims is driven by a number of notable trends.”
“A rise in ransomware attacks including data exfiltration is a consequence of changing attacker tactics and the growing interdependencies between organizations sharing ever more volumes of personal records.
“At the same time, the evolving regulatory and legal environment has brought an uptick in so-called ‘non-attack’ data privacy-related class action litigation, resulting from incidents such as wrongful collection and processing of personal data – the share of these claims has tripled in value in two years alone,” he added.
“We are seeing more data privacy breach claims in the US where there is a growing trend for class action litigation against large US and international corporations related to privacy violations, such as around consent and data usage,” Mr Daum further said, adding that, “The cost of some of these claims can be even larger than a ransomware incident, in the hundreds of millions of dollars.”
Over the last year, in particular, data breaches have emerged as one of the fastest-growing areas of US class action litigation. Over 1,300 were filed across a wide range of data privacy regulations in 2023, more than double the number filed in 2022 and four times that filed in 2021, according to law firm Duane Morris.
Multiple class action lawsuits have been launched against organizations across a wide range of industries, including healthcare, social media, and gaming, for using tracking tools such as Meta Pixel to monitor consumer behaviour, while entertainment streaming platforms have also been targeted, alleging that they may have violated privacy protection rights.
In addition, the risk of data breach litigation is also growing in Europe. Heightened awareness of data protection rights, a rise in the availability of third-party litigation funding, and a more consumer-friendly litigation environment could make mass data privacy claims a reality, albeit not on the same scale as the US, the report noted.
It was observed that despite a general trend for increased investment in cyber security in recent years, many data breaches, including some of the largest mass data exfiltration cyber-attacks over the past 18 months, are the result of weak cyber security within organizations and/or their supply chains.
Such incidents can lead to a large claim involving regulatory fines, notification costs and third-party litigation, in addition to extortion demands, first-party costs and business interruption.
“The insurance industry must also step up its focus on the data privacy side of cyber risk and has a key role to play in offering loss prevention and mitigation advice to businesses about this increasingly important area of exposure,” the Global Head of Cyber and Financial Lines at Allianz Commercial, Ms Vanessa Maxwell, submitted.
“The value of cyber insurance goes well beyond the payment of claims. Insurance helps companies make the business case for cyber security investment and to direct their resources towards the most effective measures,” she said.
On his part, the Global Head of Cyber Risk Consulting at Allianz Commercial, Mr Rishi Baviskar, posited that “Early detection and response capabilities are also key. Around two-thirds of breaches are typically reported by a third party or by the attackers themselves.”
“Cyber breaches that are not detected and contained early can end up being 1,000 times more expensive than those that are, the difference between a €20,000 loss turning into a €20 million one.
“AI is also becoming an essential tool in the fight against cyber-attacks, as it can quickly identify a security breach and automatically isolate systems and databases, as well as having the potential to significantly reduce the cost and life cycle of a data breach claim by automating tasks, such as forensics and notifications, potentially saving companies millions of dollars.”