There has been a significant increase in data breach class actions this year, according to a study by Law.com Radar. From January to August, the monthly average of data breach class actions was 44.5, more than double last year’s average of 20.6. Additionally, data breaches themselves have been on the rise, with a 114 percent increase in reported data compromises from Q1 to Q2 of 2023, marking the highest number of breaches in a quarter. These incidents are becoming more expensive as well, with the global average breach cost reaching $4.45 million, a 15 percent increase over three years, according to IBM’s Cost of a Data Breach report.
So, what do these statistics mean for business leaders? First and foremost, it’s time to acknowledge that any organization is susceptible to an attack and pay attention to the data breach class action landscape. Instead of viewing these trends in isolation, it’s crucial to consider them as part of the bigger picture. Major data breaches often lead to a significant increase in class action exposure. Therefore, organizations need to develop proactive breach response plans that account for risk mitigation and potential class action liability.
Several factors contribute to the rise in data breaches. As the world becomes increasingly digitized, there is more information available for bad actors to access. These malicious individuals are developing more sophisticated ways to target sensitive information, while organizations are generating and storing record amounts of data. Advanced technologies are also being used as tools to intercept information. Ransomware attacks, for example, have become more prevalent, with demands now reaching millions of dollars. Even if organizations pay the ransom, this only perpetuates the problem and encourages further attacks.
Large-scale hacks have also played a role in the surge of data breaches. The ongoing MOVEit hack, which began in May 2023, highlights how widespread attacks can quickly put numerous organizations at risk. These events have the potential to result in large class action lawsuits against the software creator and its customers. The increasing court education, regulatory rules, cyber insurance mandates, and media reporting on data breaches have also contributed to more class action activity. Settlements are higher due to the number of affected consumers and the public attention on breaches of all sizes. Courts are even demanding that defendants provide privileged investigative breach reports.
Given these circumstances, breached organizations must act quickly to mitigate the breach and explain any security gaps to protect their reputation. To minimize risk, it is crucial to anticipate not only data breaches but also the potential class actions that may follow.
It’s time for organizations to take action. Having controls in place to mitigate breach risk is no longer optional. Regularly reviewing security gaps and making ongoing improvements should be a top priority. Failing to prevent breaches or promptly identify and remediate them are contributing factors to the increase in class actions. Investing in cyber preparedness is essential, with 51 percent of organizations planning to increase cybersecurity spending due to internal breaches, according to the IBM report.
To effectively tackle data breaches and potential class actions, organizations should seek outside expertise. Partnering with a consultant who specializes in cybersecurity and class actions can help identify and fix cyber gaps, advise on incident prevention and response programs, stay informed about breach and class action trends, provide breach response services, and handle class action administration if necessary.
By combining internal efforts with external resources, organizations can better handle data breaches and reduce the risk of class actions. This approach provides peace of mind, allowing organizations to maintain good cyber hygiene.[Source: View source.]