Introduction
In today's rapidly shifting cyber threat environment, staying ahead of emerging claim trends isn't just good practice-it's essential for survival. As we navigate through 2025, we're witnessing significant evolutions in both attack methodologies and litigation strategies that demand our attention. Increased risk means increased diligence and oversight from every risk manager.
01 The Trap and Chase Revolution: BEC Claims Continue to Dominate
Business Email Compromise (BEC) attacks remain one of the most financially devastating cyber threats facing organizations today. The FBI reports that between October 2013 andDecember 2023, BEC incidents resulted in staggering losses of $55.5 billion across more than 305,000 rеported cases. Even more concerning, according to research conducted by EyeSecurity, BEC attacks accounted for 73% of all reported cyber incidents in 2024, a significant increase from 44% in 2023.[2]
What's changed? The sophistication. Today's BEC attacks are increasingly leveraging artificial intelligence to create more convincing impersonations. By mid-2024, it is estimated that approximately 40% of BEC phishing emails were flagged as Al generated content.[3] The average BEC wire transfer request was $24,586 in January 2025, compared to $16,799 a month prior.[4]
REAL WORLD IMPACT
In one notable case from 2016, a scammer posing as the CEOof aerospace manufacturer FACC used a fake acquisition scheme to falsely entice an employee into transferring $47 million. As a result of this devastating BEC attack, the company's board fired both the CFO and the CEO for "violating their duties".[5] The incident highlights how even large, established organizations remain vulnerable to these increasingly sophisticated social engineering tactics.
02 The Trap and Chase Revolution: BEC Claims Continue to Dominate
While Meta Pixel claims initially gained notoriety in the healthcare sector, there's been a significant expansion of these claims into retail and financial services. These claims typically allege that businesses violated privacy laws by using tracking pixels that collect and share consumers' browsing data without proper consent.
The surge in Meta Pixel cases continues to gain momentum as plaintiffs' attorneys successfully argue that third-party cookies and pixels on websites not only collect data but share that information with platforms like Facebook for targeted advertising purposes often without meaningful or properly disclosed user consent.
What's particularly concerning is how these claims are leveraging older statutes in new ways. For example, the California Invasion of Privacy Act (CIPA), a legacy wire tapping statute passed to protect citizens from eavesdropping, is now being applied to modern website technologies. Unlike newer privacy regulations, CIPA provides for a broad private right of action and statutory damages, making it particularly attractive to plaintiffs' attorneys.
