Consortium of Leading Cyber Technology and Insurance Providers Announce the Launch of SafeHouseInitiative.org
January 17, 2023
No Comments
On the August 14, 2025 episode of The Safe House Podcast, host Jeff Edwards and co-host Tawana Johnson welcomed Chris Wood, partner at Lewis Brisbois and a veteran complex litigator, to explore the fast-growing world of data breach litigation. Listen to the original podcast here: https://safehouseinitiative.org/breach-to-bench-how-class-actions-are-born-from-cyber-incidents-with-chris-wood/
Wood has been litigating class actions for over 20 years, and since 2020 he has dedicated much of his practice to defending cyber cases nationwide.
“The amount of activity in the breach world we see all the time in the news translates into litigation in the United States. I’ve done dozens of those cases and we have a healthy portfolio today,” Wood explained.
According to Wood, lawsuits usually start with mandatory disclosures.
“Once you have an incident, oftentimes there are reporting obligations that emerge on a state and federal level. Plaintiffs’ lawyers monitor those attorney general websites, and if it’s attractive to them—boom, boom, boom—it ends up in a lawsuit.”
This regulatory transparency, intended to protect consumers, often serves as a roadmap for the plaintiffs’ bar.
While claims vary, Wood noted that most boil down to allegations of negligence.
“At the heart of all this is the notion that you had a duty to me—the consumer, client, or employee—to maintain that information, and you didn’t fulfill it.”
Importantly, plaintiffs don’t always need to prove major financial loss. Lost time monitoring accounts or nominal damages can be enough to sustain a case.
Many assume breach litigation is reserved for massive incidents like Equifax. Not so, says Wood.
“It used to be that the plaintiff’s bar targeted really large breaches. Today, it’s very different. We’ve gone from millions of people in a class to literally maybe 600 or 700. Small to midsize businesses are absolutely in the target today.”
In fact, the number of breach-related lawsuits has skyrocketed: from a few hundred annually just years ago to nearly 1,500 cases filed last year.
With no breach case ever going to trial, settlement is the norm. Wood explained the key factors:
“Depending on class sizes, you may have different ranges. A class of 1,000 people could be valued at, say, $40 per person, while a class of a million could see pennies per person. It all depends on the sensitivity of the data and the size of the group.”
Wood outlined clear actions for SMB owners to mitigate risk:
“The most practical consideration I could think of is get a cyber insurance policy… something that’s going to protect you if you end up in the crosshairs of litigation.”
Adopt frameworks like NIST or ISO and conduct penetration tests to uncover vulnerabilities.
Ensure vendors follow security standards and build indemnification or insurance clauses into agreements.
“If I was a small to midsize business starting from scratch, I’d first say, ‘What do I have?’ You can’t measure risk until you assess what that risk may be.”
For SMBs, cyber incidents aren’t just IT problems—they’re legal liabilities.
“There’s chum in the water, and there’s money to be made. Small and mid-size businesses are absolutely in the target today,” Wood warned.
The clear message: prepare before you’re breached. By combining cyber insurance, security best practices, and strong contracts, SMBs can reduce the likelihood of becoming the next target in a rising wave of data breach litigation.
For more information about the SafeHouse Initiative and how you can protect your organization, visit safehouseinitiative.org.
