It seems that not a week goes by without news of a major cybersecurity incident impacting an array of entities ranging from state and local governments to not-for-profit organizations to some of America’s largest and most well-known companies. The prevalence of cybersecurity incidents and more specifically data breaches has become so frequent that much of the public pays little attention, perhaps a symptom of “breach notice fatigue.”

However, there are certainly some people paying attention as more and more entities that were the victim of cyberattacks are finding themselves embroiled in costly litigation resulting from the attacks. A Bloomberg Law analysis, for example, found that in the health care sector alone, the number of new class action lawsuits arising from data breaches filed in 2023 nearly doubled from that in 2022. That trend seems to be continuing upward in 2024.