THE LONG TAIL OF THE CYBER CLAIM

When a cyber incident strikes, the immediate priorities are containment, forensics, and recovery. Carriers and their breach response teams focus on bringing systems back online, engaging ransom negotiators, and assembling the legal and technical infrastructure needed to manage the acute phase of the event. That focus is appropriate — but it has historically come at the cost of insufficient attention to what follows.

The “long tail” of the cyber claim refers to the litigation, regulatory, and third-party liability exposure that continues to accrue long after the primary incident is resolved. It is this phase — not the ransomware payment or the business interruption loss — that is increasingly defining the total cost of a cyber event for insurers. And it is this phase that is most directly controlled by the quality of decisions made in the first 30 to 90 days of post-incident response.

The data is unambiguous. According to the Duane Morris Class Action Review – 2026, corporations paid more than $70 billion to settle class actions in 2025 — the highest figure ever recorded in American jurisprudence.[1] Data breach class action filings totaled over 1,800 in 2025, representing more than 25% growth over 2024 and more than 200% growth since 2022.[2] Courts granted more than 68% of class certification motions decided in 2025, up from 63% in 2024.[3] Plaintiffs filed more than 13,000 class action lawsuits in federal courts alone — more than 36 new filings every single day.[4]

For cyber insurers, these numbers are not abstract. They are the downstream consequence of upstream decisions — decisions about who gets notified, how many individuals are identified as potentially affected, and whether the data mining work underlying those determinations was executed with sufficient precision to withstand adversarial scrutiny. The plaintiffs’ bar understands this connection clearly. The insurance industry is only beginning to internalize it.

THE 2026 LITIGATION ENVIRONMENT: WHAT CARRIERS MUST UNDERSTAND

The Plaintiffs’ Bar Has Professionalized Around Privacy and Data Breach Claims

The Duane Morris 2026 Review identifies a structural shift in the class action landscape that carriers must take seriously: the plaintiffs’ bar has made privacy and data breach litigation the centerpiece of its business model.[5] The mechanism is familiar — pair a ubiquitous technology or a widespread business practice with decades-old statutory schemes that impose per-violation damages, and generate outsized exposure from otherwise routine activity. The result, as the Review notes, is that class actions are no longer sporadic litigation outliers but a constant, predictable presence in the post-breach landscape.

Session replay technology, website chatbots, tracking pixels, and adtech tools have all been successfully weaponized by plaintiffs’ attorneys in recent years. These are not exotic attack vectors — they are the standard digital infrastructure of virtually every retail, healthcare, financial services, and professional services organization on a cyber insurer’s book of business. Every policyholder with a website is a potential target.

High Certification Rates Amplify Every Notification Decision

“One of the most striking developments in 2025 is the consistently high rate at which courts certified class actions. Judges granted more than 68% of all class certification motions they decided.”

— Duane Morris Class Action Review – 2026

The practical consequence of a 68% certification rate is that every individual included in a notification population becomes a potential class member. This is the mechanism by which over-notification directly increases litigation exposure: a notification sent to 50,000 individuals rather than a more precisely identified 20,000 does not merely represent an incremental compliance cost — it represents a 2.5x expansion of the potential class, and a commensurate expansion of potential per-violation statutory damages.

As Tim Lowe of McDonald Hopkins observed in Integreon’s 2025 post-incident response webinar: “Being precise in notification is critical. Over notification increases class size and exposure. If no actual damages are alleged, we have a strong chance of getting cases dismissed.” The inverse is equally true: over-notification that inflates class size can convert a defensible case into a settlement-driving one.

Circuit Splits Are Creating Strategic Complexity

The Duane Morris Review identifies widening circuit splits on issues central to class action viability — including the treatment of uninjured class members, standards for conditional certification, and personal jurisdiction over out-of-state class members.[6] These splits have made forum selection more consequential than ever, and have created a landscape where the same notification population and data mining methodology may be evaluated under materially different legal standards depending on where litigation is filed.

For carriers and carrier counsel, the strategic implication is significant: the defensibility of a notification population is no longer assessed against a uniform national standard. Data mining work that is defensible in one circuit may be insufficient in another. This increases the premium on conservative, well-documented methodology — the kind that can survive aggressive challenge under any circuit’s standard.

DATA MINING PRECISION AS A LOSS CONTROL STRATEGY

The Direct Relationship Between Scope and Exposure

Data mining — the process of analyzing compromised data repositories to identify which specific individuals had which categories of sensitive personal information exposed — is the technical foundation upon which all downstream post-breach decisions rest. The notification population flows from data mining. The regulatory compliance posture flows from data mining. And, increasingly, the size and defensibility of the potential plaintiff class flow from data mining.

Imprecision in data mining propagates in two costly directions:

  • Over-scoped mining that captures too broad a population inflates the notification list, increases the potential class, and signals to plaintiffs’ attorneys that the insured may be a favorable litigation target due to volume alone.
  • Under-scoped mining that misses affected individuals creates regulatory exposure, potential enforcement action, and the risk of a second wave of litigation when the gaps are identified — often by the plaintiffs’ bar through discovery.

Neither outcome is acceptable from a loss control perspective. The objective — a precisely scoped notification population, rigorously defensible, neither over-inclusive nor under-inclusive — requires experienced data mining execution combined with sector-specific knowledge of what data is likely to be present, in what format, and in what volume.

Performance Benchmarks: What Precision Looks Like in Practice

Integreon’s current carrier portfolio provides concrete evidence of what precision-driven data mining execution delivers at scale. Across high-volume carrier clients, Integreon is executing data mining and notification engagements at 18% to 28% below approved budget across the portfolio. For select carrier clients, results are being achieved at as low as 38% below approved budget.

These are not marginal variances. In a line of business where reserve accuracy directly impacts combined ratios, and where data mining and notification costs can reach into the hundreds of thousands of dollars for large healthcare or retail incidents, consistent below-budget performance represents a material claims management advantage. Equally important, the precision that drives those cost savings is the same precision that shrinks notification populations and, with them, the potential class.

While the link between data mining precision and loss control is clear, the practical application of this strategy depends on the unique data environments of the insured. Precision is not uniform; the costs, complexities, and risks change significantly by sector. In the second part of this series, we will break down the empirical evidence by examining 15 months of project data across 62 engagements. Those insights can provide carriers with a sector-specific roadmap for managing exposures.

Watch for Part 2 later this week!

 

Meet the Author

Blake A. Feldman, Esq., CIPP/US

Vice President and Head of the Insurance Carrier Channel, Integreon

Blake A. Feldman, Esq., CIPP/US is Vice President and Head of the Insurance Carrier Channel at Integreon, where he leads global cyber and financial lines carrier partnerships, incident response strategy, and claims lifecycle integration. He is a licensed attorney (New York), a Certified Information Privacy Professional (CIPP/US), and a credentialed full-stack developer. Prior to Integreon, Mr. Feldman served as Manager of Claims Operations at Coalition, Inc., where he led a team of 19 claims professionals handling over 4,300 cyber and technology E&O claims, and as Claims Counsel at Travelers Insurance. He began his legal career as a Judge Advocate in the United States Army, where he litigated more than 55 federal trials. He is a featured panelist at the NetDiligence Cyber Risk Summit and a published author on emerging cyber insurance risk topics.

 

The analysis and opinions in this article reflect the author’s professional experience and Integreon’s internal project data. This article is intended for informational and educational purposes only. Nothing herein constitutes legal advice.


REFERENCES
[1] Id. (“With corporations paying more than $70 billion to settle class actions in 2025 — the highest figure ever recorded in the history of American jurisprudence.”).
[2] Id. (data breach class action filings totaled over 1,800 in 2025, representing more than 25% growth over 2024 and more than 200% growth since 2022).
[3] Id. (courts granted more than 68% of class certification motions decided in 2025, up from 63% in 2024).
[4] Id. (plaintiffs filed more than 13,000 class action lawsuits in federal courts in 2025, exceeding 36 new filings per day).
[5] Duane Morris, supra note 1 (“Continued settlements in the privacy space have inspired more members of the plaintiffs’ bar to make privacy litigation the centerpiece of their business models.”).
[6] Id. (identifying circuit splits on conditional certification standards, treatment of uninjured class members, and personal jurisdiction over out-of-state class members).