Thought the risk of being sued for a cyber breach was already high? It’s getting worse, Carolyn Purwin Ryan, a partner in Mullen Coughlin LLC’s data privacy and cybersecurity practice, told viewers during a recent webinar. Ryan noted that cyber breaches requiring the notification of >10,000 individuals often triggered a class-action lawsuit. But weeks ago “we notified twenty-five-hundred individuals — we got a class action within a week pending against us. So it is no longer those higher thresholds,” she said. Indeed, cyber insurance lawsuits are becoming more common.
Ryan’s comments came in the presentation “Loss Trends in Cyber Liability Insurance,” hosted by AM Best, sponsored by Munich Re US and available here
Not only have thresholds gone down, so has the time it takes for plaintiff’s lawyers to file suit. Ryan said more and more attorneys and state attorneys general are focusing on cyber breaches and cyber insurance lawsuits. “How did you even know about this (breach from my client)? How did you know before I even sent my (disclosure) notice to the attorney general. (E)ven before I’m notifying individuals sometimes I’m getting a class action complaint. It is the race now to the courthouse,” she said.
“Harassment Campaign”
It’s not just litigation that’s getting more aggressive, said Ryan, but also new forms of ransomware. “Typically we had ones (ransomware attacks) where it would be lock you out, extort you for cash, take your data. But now they’re also doing the harassment campaign and taking it up to new levels,” she said, citing last year’s Lehigh Valley Health Network hack in which cyber crooks posted nude pictures of hundreds of patients from their medical appointments. Lehigh last month settled a class action suit involving the hack for $65 million. This case also highlighted the increasing frequency of cyber insurance lawsuits.
It’s going to get worse, the lawyer predicted. “(Now ransomware gangs are) doing such things as social media tactics where they’re sending messages of individuals and showing their locations. They’re threatening physical bodily harm these individuals. But really what companies need to understand is that this is going to continue. These are things that are just going continue to escalate.There’s no line in the sand for these threat actors that are out there.”
Also joing the webinar were Rob Barlow, cyber underwriter at Munich Re US, and Maria Long, vice president, cyber underwriter and risk management portfolio leader at Munich Re Specialty – Global Markets, whose comments were also valuable.
The webinar also covered topics such as wrongful data collection, new trends in wire transfer fraud and the importance of enterprises carefully reviewing data retention clauses in contracts to find opportunities to move sensitive data, if it must be retained, into “cold storage.” The insights offered were crucial for understanding the landscape of cyber insurance lawsuits.
Other News: Patient Sues Hospital Network to Make it Pay Ransom (Opens in a new browser tab).