Cybercrime warning in South Africa
Cyber claims have continued to rise over the past year, driven in large part by a rise in data and privacy breach incidents, insurance company Allianz Commercial has warned.
According to its recently published annual cyber risk outlook, the frequency of large cyber claims (>€1 million / ~R20 million) in the first six months of 2024 was up 14%, while severity increased by 17%, following just a 1% increase in severity during 2023.
In South Africa, the average cost of a data breach for companies has reached nearly R50 million in 2024.
Allianz said that data and privacy breach-related elements are present in two-thirds of these large losses.
“The growing significance of data breach losses among cyber insurance claims is driven by a number of notable trends,” said Michael Daum, Global Head of Cyber Claims at Allianz Commercial.
“A rise in ransomware attacks, including data exfiltration, is a consequence of changing attacker tactics and the growing interdependencies between organisations sharing ever more volumes of personal records.
“At the same time, the evolving regulatory and legal environment has brought an uptick in so-called ‘non-attack’ data privacy-related class action litigation, resulting from incidents such as wrongful collection and processing of personal data – the share of these claims has tripled in value in two years alone,” added Daum.
Overall, the total number of cyber claims in 2024 is expected to stabilise, following a 30% increase in frequency during 2023, which resulted in 700+ claims.
‘Non-attack’ claims increase as privacy litigation ramps up
The report highlighted that the number of ‘non-attack’ data privacy claims is rising significantly, driven by advancements in technology, the increasing commercial value of personal data, and a shifting legal landscape.
The group said that, unlike the stringent regulations in the EU, US privacy laws are more flexible, leading to potential class action lawsuits as plaintiff lawyers seek revenue opportunities.
According to a recent report, over 1,300 data breach claims were filed in the US in 2023, more than double the previous year’s figures.
South Africa
South Africa ranks 14th globally in the average cost of a data breach, reaching nearly R50 million in 2024.
The group said this highlights the significant financial impact of data breaches within the country. The US had the highest average cost, at ~R165 million. Rounding out the top five regions and countries were the Middle East (~R154 million), Benelux (~R104 million), Germany (~R94 million), and Italy (~R83 million).
Numerous class action lawsuits are being filed against organisations in sectors like healthcare and social media for using tracking tools such as Meta Pixel.
The 2023 MOVEit data breach alone led to over 240 consolidated lawsuits.
Settlements for the top 10 data breach cases reached $516 million last year, up from $350 million in 2022.
In Europe, growing awareness of data protection rights and increased litigation funding are likely to spur data breach claims, although Allianz does not expect them to reach the scale seen in the US.
AI to power and prevent future data privacy breaches
The report highlighted that AI’s widespread adoption across industries will significantly impact cyber and privacy risks.
While it enables the processing of vast amounts of personal data for model training and predictions, poorly managed AI tools like chatbots can pose privacy and security threats.
The risk of data breaches is heightened by the potential for sensitive information to be compromised through hacking or mismanagement, raising concerns about compliance with privacy laws.
From data exfiltration to data protection
Despite increased investment in cybersecurity, many recent data breaches stem from inadequate protections within organisations and their supply chains.
These breaches can result in substantial claims, including regulatory fines, notification costs, and litigation expenses.
“The insurance industry must also step up its focus on the data privacy side of cyber risk and has a key role to play in offering loss prevention and mitigation advice to businesses about this increasingly important area of exposure,” said Vanessa Maxwell, Global Head of Cyber and Financial Lines at Allianz Commercial.
“The value of cyber insurance goes well beyond the payment of claims. Insurance helps companies make the business case for cyber security investment and to direct their resources towards the most effective measures,” she added.
Allianz Commercial said that data breach risks are best mitigated “through good cyber hygiene, including strong access controls, database segregation, backups, patching and training.”
“Having better oversight of any cyber weaknesses in their supply chains is an area where many companies need to improve,” they added.
Rishi Baviskar, Global Head of Cyber Risk Consulting at Allianz Commercial, said that “early detection and response capabilities are also key. Around two-thirds of breaches are typically reported by a third party or by the attackers themselves.”
“Cyber breaches that are not detected and contained early can end up being 1,000 times more expensive than those that are, the difference between a €20,000 loss turning into a €20 million one.”
The group concluded that AI is becoming a crucial asset in combating cyber-attacks by rapidly detecting security breaches and isolating affected systems.
It can also streamline tasks like forensics and notifications, significantly reducing the costs and duration of data breach claims and potentially saving companies millions.