In the US we've seen greater incident complexity, including a rise in class actions and a shift in the way threat actors use stolen data.

It's no longer just about locking people out of files – cyber extortion with data exfiltration will also drive class actions in 2023. Threat actors don't need to manipulate data; they can just steal and distribute. They’ve also made accessing this data easier; traditionally available only on the Dark Web, stolen data is now searchable on publicly accessible websites. Concerns about data are now spurring plaintiffs to action.

Class actions have ticked up – at much smaller notified populations – and will continue to do so. Plaintiffs have started filing data breach class actions for significantly smaller potential class sizes. While third-party litigation is less of an issue elsewhere in the world, global companies must be aware of this trend and the potential impact from their US operations.

Another emerging trend in the US is the filing of multiple class actions by different plaintiffs’ counsel for the same breach. This is driving up attorneys’ fees for settlements, and as more new plaintiffs’ attorneys enter the data breach class action space, it can be harder to settle.

With no singular driver, cyber extortion incidents will continue to be more complicated, more damaging, and harder to resolve.

The five-level work stream of breach response