There has been a significant increase in data breach class actions this year, according to a study by Law.com Radar. From January through August, the monthly average of data breach class actions was 44.5, more than double last year’s average of 20.6. In addition, data breaches themselves have been on the rise, with a 114 percent increase in reported data compromises from Q1 to Q2 of 2023, marking the highest number of breaches ever in a quarter. These incidents are becoming increasingly costly as well, with the global average breach cost reaching $4.45 million, a 15 percent increase over three years, according to IBM’s Cost of a Data Breach report.
So, what do these statistics mean for business leaders and how should they react? First and foremost, it’s crucial for organizations to recognize that any organization can be targeted in an attack and to pay attention to the data breach class action landscape. It’s also important to view these trends holistically and understand that significant data breaches often lead to a significant increase in class action exposure. Therefore, organizations need to develop proactive breach response plans that account for risk mitigation and potential class action liability.
Several factors contribute to the rise in data breaches. As the world becomes more digitized, there is more information available for bad actors to access. These actors are developing increasingly sophisticated ways to target sensitive information, while organizations are generating and storing record amounts of data. Attackers are also utilizing advanced technologies to intercept information. Ransomware attacks, for example, have been trending in recent years, with demands increasing from thousands to millions. Other popular attack methods include phishing, multifactor authentication breaches, and malware.
Large-scale hacks have also contributed to the surge in breaches. The ongoing MOVEit hack, which began in May 2023, demonstrates how widespread attacks can quickly put numerous organizations at risk. Many MOVEit incidents involve over one million impacted contacts and result in the exposure of rich files containing complete contact data. These events have the potential to lead to large class action lawsuits against the software creator and its customers.
The increase in court education, regulatory rules, cyber insurance mandates, and media reporting on data breaches has also contributed to more class action activity. Settlements are higher due to the number of affected consumers and the public attention on breaches of all sizes. Courts are even requiring defendants to disclose privileged investigative breach reports.
Given these circumstances, breached organizations must act quickly to mitigate the breach and explain security gaps to protect their reputation. To minimize risk, it is crucial to anticipate not only data breaches but also the potential class actions that may follow.
It is time for organizations to take action and prioritize controls to mitigate breach risk. Regularly reviewing security gaps and making ongoing improvements is essential. Failure to prevent a breach and failure to promptly determine its cause and remediate it effectively are both contributing factors to the increase in class actions. Investing in cyber preparedness is becoming a priority for many organizations, with 51 percent planning to increase cybersecurity spending due to internal breaches.
To develop a robust and effective cyber readiness plan that anticipates class action activity, organizations should stay informed about the changing landscape and improve policies and procedures related to threat management. Seeking assistance from outside consultants with expertise in cybersecurity and class actions can be beneficial. These consultants can identify cyber gaps, integrate new tools or information governance approaches, advise on incident prevention and response programs, stay updated on breach and class action trends, provide breach response services, and handle class action administration if necessary.
By combining internal efforts with external resources, organizations can better tackle data breaches and reduce the risk of class actions. This approach provides peace of mind and allows organizations to maintain good cyber hygiene.