Tuesday, April 29, 2025

Class Action Costs Escalate in Data Breach Case

Organizations dealing with U.S. citizen data need to step up their cybersecurity measures and respond to incidents faster to dodge escalating legal costs.

Recent analysis from Panaseer, a specialist in continuous controls monitoring, reveals that U.S. companies are shelling out millions due to data breaches. In just six months, from August 2024 to February 2025, 43 lawsuits were filed, and 73 settlements reached. The total loss from class action costs hit $154.6 million, with settlements averaging around $3 million—one even soared to $21 million. Individual payouts to those affected varied from $150 to $12,000, adding further financial strain, especially when factoring in costs for third-party forensics.

Jonathan Gill, CEO of Panaseer, points out that while there is understanding for companies that are attacked, tolerance diminishes when they seem negligent about data protection. He believes the issue often lies in processes rather than people. Organizations may aim for a certain risk level but can drift into riskier territory without reliable information to guide them.

Gill warns that without a solid record of incident preparedness, the disconnect between perceived and actual security can widen. Companies might think they’re secure when, in reality, they’re not. He highlights that assumptions about coverage can hide serious issues like unpatched systems and misconfigurations. According to Panaseer’s findings, inadequate cybersecurity measures were cited in half of the breach filings and nearly all settlements. Data encryption failures appeared in 40% of filings, while delays in notifications were noted in 10%.

Breach litigation has surged, doubling in 2024 compared to the previous year, with states like California and Florida leading due to stricter privacy laws. Gill emphasizes that showing thorough due diligence in security efforts can be a solid defense against legal action. He stresses the importance of accurately mapping core data and IT assets and the protective measures in place.

“The biggest challenges today stem from how we manage cybersecurity risks,” he notes. The landscape is continually changing, and security teams are overwhelmed with an average of 83 solutions from 29 different vendors. This complexity leads to blind spots and potentially costly breaches.

To counteract this, Gill advises chief information security officers to focus on three essentials: visibility, alignment, and clarity. A reliable system can provide a clear picture of security data, understandable by all involved. This would allow teams to act based on data insights aligned with business goals, turning reactive responses into proactive measures and ensuring that, even if things go wrong, they can demonstrate responsible actions.