A recent storm of privacy class action lawsuits and regulatory actions are hitting hospitals, financial services companies, national retailers, and online service providers. Cyber insurers, attorneys, and forensic firms are suddenly swamped with cyber claims stemming from class action lawsuits and enforcement actions. Once seen as a low-risk cyber coverage area, cyber underwriters and claims teams are now scrambling to address the growing
In just the past six months there has been a flood of data privacy lawsuits and enforcement actions impacting cyber insurers' policies. Allegations include:
- Restaurants sharing customers' online video-watching behavior with social media networks.
- Online tax services providers sharing data with the Meta
Pixel on tax preparations websites.
- Hospitals and telehealth services sharing patient data with Facebook and other social media networks.
- Online session replay tools that record site visitors' behavior, prompting plaintiffs' attorneys to allege violations of wiretapping laws.
While many insurers are all too familiar with
Thus, the insurance claims team must now coordinate a group of privacy attorneys, IT forensics firms, and executives within the insured's organization to understand how the website, the trackers, the data, and the third parties all conspired to create these alleged violations.
In light of these growing claims, some cyber underwriters are adding exclusions for coverage. Others, eager to build their customer relationships, are looking for opportunities to underwrite with greater intelligence about these privacy risks.
A web privacy economy is growing today
Today, a new data privacy ecosystem of insurers, attorneys, regulators, tech service providers, forensic firms, PR agencies and consultants are being fueled by growing privacy threats. Whether providing proactive services or responding to litigation, every company that has a website is working through complex privacy requirements and striving to make their web operations compliant.
Individual state laws continue to evolve creating a difficult patchwork of regulations that add complexity to an already challenging compliance environment. In the U.S., federal regulators and state legislatures are implementing new laws, encouraging plaintiff attorneys to pursue class action lawsuits. This, in turn, drives insurers to create coverage for these new risks that their policyholders will face.
New insurtech companies are creating tools to help provide intelligence to insurers during underwriting, while also creating better software for companies to not only comply with the new laws, but also mitigate the risk on their end. All the while, everyone in the 'privacy economy' is seeking to learn more about the risks and how to protect themselves.
Cyber insurers need privacy risk intelligence
Insurers, having learned from the
For many years, the focus for cyber insurers has been on IT and the growing role of the Chief Information Security Officer (CISO). Insurers and security professionals have been working together to help close the gap when it comes to intelligent underwriting. Similarly, it is now the Chief Privacy Officer (CPO), the Chief Marketing Officer (CMO) and the CISO that will need to collaborate with brokers and underwriters to enable more privacy intelligence and risk management.
Online privacy in the spotlight
Perhaps 2023 will be seen as the start of the revolution. Not only is the regulatory environment ripe, but consumers are also more aware than ever before due to constant spam, scams, tax fraud, cyberbullying and identity theft. New data privacy legislation has already been enacted in five states (California, Colorado, Connecticut, Utah and Virginia).
The cyber insurance industry has been a leader in helping companies adopt new technologies and practices to fight ransomware and cybercrime. This year, we look to