Step Aside Ransomware, Privacy Liability Claims are Taking the Cyber Lead

By Lacy Rex

Ransomware has been a common term for cyberattacks for years, but privacy liability claims are on the rise and should be a concern for your organization.

For years, ransomware was the parting gift after a system compromise, but litigation is the unwanted gift that keeps giving. The volume of litigation related to ransomware and data breaches is skyrocketing. According to Bloomberg Law’s 2024 Litigation Data Breach Report:

• Data breach and ransomware/ or ransomware as a service increased from three in 2018 to 736 in 2023, a 24,433% increase.
• All data breach mentions jumped to 1,278 in 2023 from a mere 228 in 2018, a rise of 460%.

So, it’s essential to review your privacy and security liability limits in your cyber policy and take into consideration the following when determining the best cyber liability limit:

• Total record count: This includes personally identifiable information (PII), personal health information (PHI), confidential information, and payment card information (PCI). Such information needs to be protected and will impact your coverage needs.
• Contract values: Vendor and client contracts often stipulate a specific limit an organization must carry for the life of the contract and potentially several years after it ends.

Consider the total number of customer contracts and potential aggregation challenges when determining your limits.

• Peer limit benchmarking: Know what similar organizations purchase for cyber insurance.

However, keep in mind that their risk tolerance and business income exposure could be much higher or lower than yours, and their contractual requirements could be different.

• Cyber business interruption: Note how your business income was impacted and any extra expenses incurred if your organization suffers a cyber incident or cyber system failure. Property policies typically only provide coverage for a physical business interruption.
• Dependent business interruption: This covers business income and extra expenses incurred if a vendor you rely on suffers a cyber incident or cyber system failure and cannot provide technology services or material you require.

When determining your limits, consider how heavily you rely on specific vendors. How would it impact your organization if they were down due to a cyber incident? Do you have enough raw materials if they were impacted?

• Ransomware: Know the average cost of cyber extortion for your industry class.

Questions to consider when determining your limits: How cyber resilient is our company and backups? Would we pay a ransom? How would we respond if they released our information or pressured our clients?

• Privacy and security litigation: This continues to increase year over year, with pixel and tracking code litigation and class action lawsuits arising from a data breach, especially ransomware.

Review your privacy policy and the information being collected on your website. Consider the costs of a data breach, regulatory implications and litigation arising from the incident.

Keep these points in mind when determining your cyber liability limit. Oswald’s experienced team can guide you through the process to help you determine your needs initially and evaluate them periodically.

For more information, visit our Cyber Risk page or contact us here: