Allianz Report Highlights Surge in Cyber Claims Driven by Data Privacy Issues and Class Action Lawsuits

Allianz Report Highlights Surge in Cyber Claims Driven by Data Privacy Issues and Class Action Lawsuits

(IN BRIEF) A recent report by Allianz Commercial highlights significant trends in the cyber insurance landscape, noting a rise in both the frequency and severity of large cyber claims due to data privacy breaches. In the first half of 2024, claims over €1 million increased by 14%, while the associated costs rose by 17%. This surge is largely driven by a rise in data and privacy breaches, particularly in the U.S., where class action lawsuits against corporations for privacy violations are becoming more common. The report anticipates that while the number of cyber claims may stabilize in 2024 after a 30% increase in 2023, the overall financial impact of claims will continue to escalate. Allianz emphasizes the necessity for improved cybersecurity practices and the role of insurance in mitigating these risks, especially as artificial intelligence becomes increasingly integral to data management and security.

(PRESS RELEASE) MUNICH, 9-Oct-2024 — /EuropaWire/ — Allianz Commercial has revealed a significant increase in the frequency and severity of large cyber insurance claims, attributing this trend largely to rising incidents of data and privacy breaches. According to Allianz’s latest Cyber Risk Outlook, the number of large cyber claims exceeding €1 million rose by 14% in the first half of 2024, with claim severity up by 17%. Notably, data and privacy breach elements were present in two-thirds of these significant losses.

The report highlights a concerning trend in the United States, where class action lawsuits against both domestic and international corporations regarding privacy violations have resulted in escalating costs. Although the overall number of cyber claims is projected to stabilize in 2024, following a staggering 30% increase in 2023, the implications of this rising trend are profound.

Michael Daum, Global Head of Cyber Claims at Allianz Commercial, explained, “The escalating importance of data breach incidents among cyber claims is influenced by several critical factors. Notably, there has been a rise in ransomware attacks that involve data exfiltration. This shift in tactics among cybercriminals, combined with the growing interconnectedness of organizations sharing extensive personal records, poses new challenges. Furthermore, the evolving legal landscape has led to an increase in ‘non-attack’ data privacy-related class action litigation, stemming from issues such as wrongful collection and processing of personal data.”

The rise of ‘non-attack’ claims stems from technological advancements, the increasing commercial value of personal data, and a shifting regulatory environment. In contrast to the EU’s General Data Protection Regulation (GDPR), US privacy regulations often lack specificity, leading to ambiguity that invites class action lawsuits.

Daum added, “We are witnessing a surge in data privacy breach claims in the US, where there is a notable trend of class action litigation against major corporations related to privacy violations concerning consent and data usage. In some instances, the financial repercussions of these claims can surpass those associated with ransomware attacks.”

In the past year, data breaches have emerged as one of the fastest-growing areas for class action litigation in the US, with over 1,300 lawsuits filed under various data privacy regulations in 2023. This figure represents more than double the cases filed in 2022 and quadruples those from 2021, according to legal experts.

Multiple industries, including healthcare and social media, have faced lawsuits related to privacy violations, while large data breaches often trigger a cascade of legal actions. For instance, more than 240 lawsuits related to the MOVEit data breach were consolidated into a single multidistrict litigation case in October 2023.

The risks associated with data breach litigation are also escalating in Europe, driven by heightened awareness of data protection rights and an increasingly consumer-friendly litigation environment, although the scale of these claims is not anticipated to match that of the US.

The advent of artificial intelligence (AI) across various industries is expected to significantly influence the landscape of cyber and privacy risks moving forward. While AI relies on extensive data collection for training and operational purposes, it also raises concerns regarding privacy breaches and data security if not managed appropriately.

Despite increased investment in cybersecurity, many data breaches, including major incidents over the past 18 months, can be traced back to vulnerabilities within organizations and their supply chains. These breaches can result in substantial claims, encompassing regulatory fines, notification costs, and third-party litigation, in addition to extortion demands and business interruption expenses.

Vanessa Maxwell, Global Head of Cyber and Financial Lines at Allianz Commercial, emphasized, “The insurance industry must enhance its focus on the data privacy dimension of cyber risks. Our role extends beyond claims payments; we provide businesses with vital loss prevention strategies and guidance on managing this increasingly critical exposure.”

To mitigate data breach risks, organizations are encouraged to adopt strong cybersecurity practices, including access controls, database segregation, and employee training. Effective oversight of cybersecurity weaknesses within supply chains remains an area for improvement for many companies.

“Early detection and response capabilities are vital,” noted Rishi Baviskar, Global Head of Cyber Risk Consulting at Allianz Commercial. “Typically, around two-thirds of breaches are reported by third parties or the attackers themselves. Breaches that go undetected for extended periods can escalate in cost exponentially, turning a €20,000 loss into a €20 million one.”

AI is emerging as a crucial ally in combating cyberattacks, with the potential to swiftly identify security breaches and isolate affected systems. By automating critical tasks like forensics and notifications, AI can significantly reduce both the costs and duration of data breach claims, potentially saving organizations millions.

About Allianz Commercial

Allianz Commercial is the center of expertise and global line of Allianz Group for insuring mid-sized businesses, large enterprises and specialist risks. Among our customers are the world’s largest consumer brands, financial institutions and industry players, the global aviation and shipping industry, as well as family-owned and medium enterprises, which are the backbone of the economy. We also cover unique risks such as offshore wind parks, infrastructure projects or film productions.

Powered by the employees, financial strength, and network of the world’s #1 insurance brand Allianz, as ranked by Interbrand, we work together to help our customers prepare for what’s ahead: They trust us to provide a wide range of traditional and alternative risk transfer solutions, outstanding risk consulting and multinational services as well as seamless claims handling.

The trade name Allianz Commercial brings together the large corporate insurance business of Allianz Global Corporate & Specialty (AGCS) and the commercial insurance business of national Allianz Property & Casualty entities serving mid-sized companies. We are present in over 200 countries and territories either though our own teams or the Allianz Group network and partners. In 2023, the integrated business of Allianz Commercial generated around €18 billion in gross premium globally.

Forward Looking Statement disclaimer

The statements contained herein may include statements of future expectations and other forward-looking statements that are based on management’s current views and assumptions and involve known and unknown risks and uncertainties that could cause actual results, performance or events to differ materially from those expressed or implied in such statements. In addition to statements which are forward-looking by reason of context, the words “may”, “will”, “should”, “expects”, “plans”, “intends”, “anticipates”, “believes”, “estimates”, “predicts”, “potential”, or “continue” and similar expressions identify forward-looking statements.

Actual results, performance or events may differ materially from those in such statements due to, without limitation, (i) general economic conditions, including in particular economic conditions in the Allianz Group’s core business and core markets, (ii) performance of financial markets, including emerging markets, and including market volatility, liquidity and credit events (iii) the frequency and severity of insured loss events, including from natural catastrophes and including the development of loss expenses, (iv) mortality and morbidity levels and trends, (v) persistency levels, (vi) the extent of credit defaults, (vii) interest rate levels, (viii) currency exchange rates including the Euro/U.S. Dollar exchange rate, (ix) changing levels of competition, (x) changes in laws and regulations, including monetary convergence and the European Monetary Union, (xi) changes in the policies of central banks and/or foreign governments, (xii) the impact of acquisitions, including related integration issues, (xiii) reorganization measures, and (xiv) general competitive factors, in each case on a local, regional, national and/or global basis. Many of these factors may be more likely to occur, or more pronounced, as a result of terrorist activities and their consequences.

The matters discussed herein may also be affected by risks and uncertainties described from time to time in Allianz SE’s filings with the U.S. Securities and Exchange Commission. The company assumes no obligation to update any forward-looking statement.

Media Contact:

Philipp Keirath
Head of Media Relations
Global
+49-160-982-343-85
philipp.keirath@allianz.com

SOURCE: Allianz SE