Shareholder class action lawsuits could soon make their presence felt in the cyber insurance market, an expert has said.
According to Bloomberg, tech giant Yahoo last month reached an $80 million settlement with investors over claims that executives concealed data breaches following an attack thought to have shaved US$350 million off the valuation of the firm when it was purchased by Verizon for US$4.5 billion.
A judge also ruled that customers impacted by the data breach could also continue to seek punitive damages in a lawsuit still making its way through the courts in California.
With this in mind, Fergus Brooks, cyber risk practice leader at Aon Australia, said that with the recent launch of mandatory breach notification laws in Australia, litigation funders could look to pounce on companies following a breach.
“One of the things lawyers, myself, and our team have been talking about is you have got litigation funders out there looking for class actions,” Brooks told Insurance Business. “That is what they do… litigation funders will find out the organisation has had a data breach and I see this happening probably before or at the same time as the privacy commissioner cracking down.”
In the US, firms are already paying settlements following data breaches, with insurer Anthem setting the record at US$115 million, which was paid to customers over a 2015 attack that saw the data of 78.8 million people compromised, according to Bloomberg.
With credit firm Equifax also facing pending legal action, Brooks said that legal requirements surrounding cyber security are likely to be placed further under the spotlight over the coming year.
“When we are talking about cyber, we have been talking about the technology aspects of it when actually these cyber risks are becoming very much legal issues,” Brooks continued.
“A lot of people in Australia make the assumption that we are not as litigious as America and that is simply not true,” he added.
If class actions do take hold against organisations following a cyber breach or attack, cyber policies should respond.
“The insurance helps you with that first party stuff but different policies respond in different ways. One of the intentions is to handle the cost of long-tail claims,” Brooks said. “If you do have claims from individuals because you have misused or lost their data then the costs of those claims and the legal defence would be covered by the cyber insurance policy.”