Five Emerging Cyber Claims Trends for 2025

Predictions are a risky business in cyber, but we’re willing to put one out there: in 2025, the array of cyber-related risks that businesses face will continue to increase in diversity and complexity. The days when just a few major groups of threat actors dominated the scene are long gone, thanks to a series of law enforcement actions and general destabilization of the ransomware ecosystem after Russia’s invasion of Ukraine. Today there are dozens of active groups deploying a wide variety of strategies and technologies. On top of that, we are seeing an evolution in lawsuits and regulatory actions in response to attacks, which compound risks for businesses. To make some sense of this dizzying diversity of risks, our team analyzed the claims data we gathered over the course of 2024, and put together this overview of current trends and some key areas to watch.

The top five cyber claims trends to watch for in for 2025:

#1 The Rise of Class Action Filings

One of the most significant trends in cyber claims is the rise in class action lawsuits following data breaches, particularly those involving ransomware or a business email compromise (BEC). The speed with which these class actions are filed has increased dramatically. While there was once a delay between a breach and resultant lawsuit, today we are seeing lawsuits initiated almost immediately after a breach is discovered, sometimes even before formal notifications are sent. This is primarily due to the more public nature of breach notifications today. Now, plaintiff’s attorneys are able to actively monitor websites, ransomware leak sites, and announcements from state attorneys general in order to identify potential targets.

The ease of discovering breaches is also resulting in a shift in the size of targets. Contrary to what has been the prevailing view in the industry, it’s not just cyber breaches with large affected populations — such as those numbering in the hundreds of thousands or millions — that attract lawsuits. Class actions are now being filed for breaches impacting as few as 1,000 individuals. This shift has made defending these cases more complicated, particularly as multiple plaintiffs’ firms are now filing similar suits for the same breach, driving up legal costs.

#2 Navigating the Regulatory Landscape

Beyond class actions, many organizations are also dealing with regulatory investigations following a breach. These investigations often begin with a request for information from the State Attorney General’s Office or the Office for Civil Rights (OCR). While these requests don’t always result in formal actions, they can still be costly and time-consuming. The regulatory landscape is tightening, with states like New York leading the charge in setting stricter requirements for breach reporting and notifications.

Organizations are finding themselves in a difficult position as they balance the cost of responding to regulatory actions against the need to manage business interruption losses and class actions. The complexity of these claims has raised concerns about coverage limits, as organizations may exhaust their insurance funds dealing with legal and regulatory costs.

#3 The Evolution of Data Privacy Litigation

Data privacy litigation has also evolved in recent years. One notable trend that has gained traction is the legal battles stemming from the use of tracking technologies like Meta Pixel on websites. These types of cases often center around the alleged collection and transmission of personal data to third parties without proper consent, as plaintiffs argue that their privacy was violated. While the legal landscape is still developing, it’s clear that tracking technologies are becoming a hot topic in data privacy litigation.

Additionally, Illinois’ Biometric Information Privacy Act (BIPA) litigation, which once dominated the data privacy scene, has seen a slowdown due to a ruling from the Illinois Supreme Court limiting the number of claims a plaintiff can file for the same incident. New issues are emerging, however, around the improper handling of personal biometric information or types of technologies collecting biometric information, leading to additional lawsuits in this area.

#4 The Persistence of Social Engineering and Ransomware

Social engineering remains one of the most prevalent types of cybercrime. Business email compromises (BEC) and similar scams continue to result in significant financial losses for organizations. These schemes often involve fraudulent wire transfers based on misleading or manipulated communications from trusted sources, like customers or vendors. In some cases, this has led to subrogation actions, where other insurers demand reimbursement from the policyholder’s cyber insurer for payments made on behalf of the insured.

Meanwhile, ransomware also remains a major threat. While we’ve seen fluctuations in attack frequency, Q3 of 2024 saw a resurgence, with groups like Akira and RansomHub leading the charge, and November 2024 was the most active month on record for ransomware. Notably, there has been a rise in unique ransom demands, with some incidents even involving the request for goods in lieu of currency. This highlights the increasing unpredictability of ransomware threats, as attackers diversify their methods to extract payments.

Organizations are also facing growing intimidation tactics from cybercriminals, including threats to send personal items to executives’ families or using deepfake technology to impersonate company leaders in order to manipulate employees into transferring funds. These tactics add a layer of complexity to an already challenging situation, as they require not only technical defense but also strategic management of public relations and employee security.

#5 The Business Interruption Challenge

Business interruption claims are another area of increasing concern, driven by both ransomware attacks and vendor breaches. When organizations lack sufficient backups, or struggle to restore systems quickly from backups, the result can be higher business interruption losses. Additionally, third-party vendor breaches, such as those seen in the healthcare and automotive sectors, have added to the volume of contingent or dependent business interruption claims. Each breach has unique nuances depending on the type of data or service affected, requiring detailed forensic accounting reviews that can stretch over several months.

For example, in the automotive industry, a ransomware attack at one vendor affected thousands of dealerships that use the vendor’s software. This required a tailored approach to assess the impact on each dealership, making the claims process more complicated and time-consuming. The high volume of data and the need for extensive forensic analysis has led to delays in claims resolution and rising costs for both insurers and their policyholders.

Looking Ahead: Preparing for 2025

The increasing complexity of cyber claims—ranging from class actions and regulatory scrutiny to rising costs and the unpredictable nature of ransomware and business interruption—means that businesses need to be proactive in managing their cyber risk. Organizations should prioritize robust cybersecurity measures, ensure clear data privacy policies, and work closely with insurance agents or brokers to understand their coverage limits. Engaging with forensic experts and legal counsel early in the claims process can also be essential in managing the growing cost of claims and avoiding potential pitfalls in legal defense and regulatory compliance.

As we move into 2025, the landscape of cyber risks will continue to evolve. The ability to adapt to new threats and stay ahead of emerging trends will be the key to minimizing the financial and reputational impact of cyber incidents.