SINGAPORE — The frequency and severity of large cyber insurance claims continued to climb in the first half of 2024, with data breaches and privacy violations playing a central role in driving up costs, according to Allianz Commercial’s annual cyber risk outlook.
The report highlighted a 14% increase in the frequency of large cyber claims (exceeding €1 million) and a 17% rise in their severity compared to the same period last year. Data and privacy breach incidents were cited in two-thirds of these losses, underscoring their growing impact on the cyber insurance landscape.
“Data breach losses are becoming increasingly significant in the world of cyber insurance,” said Michael Daum, Global Head of Cyber Claims at Allianz Commercial. He noted that the increase is driven by a combination of factors, including the rise of ransomware attacks involving data exfiltration and evolving legal and regulatory environments. “The share of ‘non-attack’ data privacy-related class action litigation has tripled in value in two years alone.”
In the United States, class action lawsuits related to data privacy violations have surged, with over 1,300 cases filed in 2023. This represents more than double the cases filed in 2022 and four times the number from 2021. These lawsuits often target large corporations across industries such as healthcare, social media, and entertainment for privacy violations, such as improper data usage or consent issues.
“The cost of some of these claims can exceed those of ransomware incidents, reaching hundreds of millions of dollars,” Daum added, highlighting the substantial financial impact of privacy-related litigation.
One high-profile example is the 2023 MOVEit data breach, which led to more than 240 lawsuits consolidated into a single Multidistrict Litigation case. The top 10 data breach class action settlements in 2023 alone totaled $516 million, a sharp increase from the $350 million recorded the previous year.
In Europe, the risk of data breach litigation is also on the rise, driven by heightened consumer awareness of data protection rights and a more favorable legal environment for mass claims. However, Europe has not yet seen the same volume of class action lawsuits as the United States.
In Asia, while the average cost of data breaches remains lower compared to global figures, companies in the region are seeing a notable uptick in cyber incidents. According to IBM’s Cost of a Data Breach Report 2024, the average breach cost in Japan reached $4.19 million, with South Korea, ASEAN, and India also reporting rising breach costs.
“Despite relatively lower losses in Asia, the region must remain vigilant,” said Karlis Trops, Head of Cyber and Tech Professional Indemnity at Allianz Commercial Asia. He cited the region’s growing cyber security maturity and the significant number of outsourced technology providers as key factors drawing the interest of threat actors.
Trops also urged Asian companies to bolster their cyber defenses, noting that investment in cyber security in the region still lags behind that of peers in the United States and Europe. “Companies need to focus on improving their supply chain oversight and cyber hygiene to mitigate risks.”
Looking ahead, Allianz experts believe that artificial intelligence (AI) will play a dual role in both heightening and combating cyber risks. AI’s reliance on massive data collection presents potential privacy and security risks, but AI tools also offer new capabilities in identifying and isolating security breaches quickly, potentially reducing the costs and lifecycle of data breach claims.
“AI is becoming an essential tool in the fight against cyber-attacks,” said Rishi Baviskar, Global Head of Cyber Risk Consulting at Allianz Commercial. He emphasized that AI could help automate critical processes, such as forensics and notifications, potentially saving companies millions of dollars.
Vanessa Maxwell, Global Head of Cyber and Financial Lines at Allianz Commercial, noted that while cyber insurance plays a crucial role in covering claims, it also incentivizes companies to invest in effective cyber security measures. “The value of cyber insurance goes beyond the payment of claims,” she said. “It helps businesses make the case for better security investments.”
With the rising complexity of cyber threats, the insurance industry is focusing more on loss prevention and helping companies strengthen their defenses, Allianz said. Early detection and strong cyber hygiene practices, such as access controls, database segregation, and regular backups, remain critical to mitigating the risk of costly breaches.
As cyber threats continue to evolve, businesses must prioritize robust cyber security frameworks to protect against the rising tide of data breaches and privacy litigation.