Large cyber claims jump 14% as privacy breaches worsen in 2024

Costs could skyrocket from €20,000 to €20m if left unchecked. 

The frequency of large cyber claims, valued at over $1.09m (€1m), increased by 14% in the first half of 2024, whilst claim severity rose 17%, compared to just a 1% rise in 2023, according to Allianz Commercial’s annual cyber risk outlook. 

Cyber claims have continued to rise in 2024, driven largely by a surge in data and privacy breach incidents. Data and privacy breaches accounted for two-thirds of these large claims.

The increase in cyber claims is attributed to growing ransomware attacks that involve data exfiltration, as well as the expanding volume of personal records shared between organisations. 

In addition, evolving regulatory and legal frameworks, especially in the US, have led to more 'non-attack' data privacy-related litigation, which has tripled in value over the last two years. 

This includes lawsuits stemming from incidents like the improper collection and processing of personal data.

Michael Daum, global head of Cyber Claims at Allianz Commercial, noted that these privacy-related claims, particularly in the US, are becoming more expensive than some ransomware incidents, sometimes reaching hundreds of millions of dollars. 

Meanwhile, Asian companies, though experiencing lower average data breach costs compared to other regions, are facing a rise in cyber incidents due to weaker cybersecurity maturity and the prominence of outsourced technology providers, which are frequent targets for supply chain attacks.

Looking ahead, the increasing use of artificial intelligence (AI) is expected to further impact the cyber risk landscape, as AI tools rely on vast amounts of personal data, raising concerns over privacy and security. 

Despite heightened investment in cybersecurity, many large breaches remain the result of poor cyber hygiene and weak security across supply chains. 

Allianz urges businesses to strengthen cyber defences, including access controls, backups, and staff training, to mitigate the growing threat of data breaches.

Rishi Baviskar, global head of Cyber Risk Consulting at Allianz, emphasised that breaches not contained early can escalate significantly, with costs skyrocketing from $21,888.10 (€20,000) to $21.89m (€20m) if left unchecked. 

($1.00 = €0.91)