Third-party litigation funding (TPLF) has increasingly been lurking in the shadows of lawsuits by providing an influx of capital to plaintiffs, largely without any required disclosures. As a result, TPLF is a hidden force, and defendants and insurers—particularly in the cyber insurance world—must contend with its growing influence on litigation strategy, duration, and resolution.
On Feb. 7, 2025, the Litigation Transparency Act was introduced in the U.S. House of Representatives. This legislation would require parties in federal civil proceedings to disclose third-party litigation funding agreements. Until such transparency becomes required, and state legislation also becomes the norm, cyber insureds and insurers can work together to address TPLF.
What Is TPLF?
At its core, TPLF involves an outside investor (or consortium of investors) who advances money to plaintiffs or plaintiffs’ attorneys in exchange for a share of any ultimate settlement or judgment in a lawsuit, even though the funder has no involvement or stake in the underlying dispute. Such financing helps claimants who lack the means to pursue legal remedies, while maximizing investment returns for funders.
The use of TPLF is quickly rising. TPLF investment in litigation totaled $17 billion globally in 2021, and is projected to reach $31 billion by 2028, with funders targeting “commercial litigation with a high expectation of success more than ‘David and Goliath’ cases that might expand access to justice,” according to a 2021 Swiss Re report. TPLF carries considerable appeal for investors because it is largely uncorrelated with broader market forces or macroeconomic risks. In addition, annual returns can surpass 20%, beating out traditional investments by a significant margin, notes Triple-I.
Despite its growing size, TPLF largely remains an invisible hand. Legal complaints contain no language that would indicate plaintiffs are being bankrolled by a third party. Moreover, even if that information is sought through discovery, litigation funding agreements are often not discoverable in court, making it difficult for policyholders, defense counsel, and insurers to gauge the true financial picture behind a lawsuit. By contrast, insurance policies typically must be disclosed, creating an unlevel playing field.
However, legislation is taking shape in response to the rise of TPLF. Rep. Darrell Issa (R-California) introduced the Litigation Transparency Act, which is a significant bill that aims to increase transparency. If this federal act is passed, states will likely follow suit. In fact, some states have already begun to introduce legislation requiring increased transparency related to TPLF. States that have enacted such legislation include Montana, Indiana, Louisiana, and West Virginia.
Some federal courts, such as the U.S. District Court for the District of New Jersey, have adopted a standing rule requiring the disclosure of TPLF, but the majority of courts do not presently require such disclosure.
WHY Are Cyber Claims Uniquely Vulnerable?
Cyber claims are rapidly emerging as fertile ground for TPLF. Recently, litigation has yielded plaintiff-friendly case law and large verdicts and settlements, particularly in the subcategory of cases based on consumer privacy protection statutes, which constitutes a significant portion of third-party cyber liability. Courts have become increasingly receptive to plaintiffs’ damages theories in such litigation. Previously, plaintiffs struggled to establish “concrete harm,” especially when alleging future identity theft or emotional distress. However, since Spokeo v. Robins, 578 U.S. 330 (2016), lower courts increasingly recognize intangible harms like anxiety or mitigation costs.
Statutes like California’s Invasion of Privacy Act (CIPA) also allow statutory damages without proving actual harm, fueling a wave of class action filings and mass arbitration demands. Settlements for CIPA claims can reach into the tens or even hundreds of millions of dollars. This type of litigation is relatively new and differs from the typical data breach cases that cyber insurance was created to address. As new forms of technology have emerged—particularly AdTech like pixel trackers—plaintiffs’ attorneys have responded by filing various lawsuits under new laws like CIPA, and by advancing novel theories under old laws, like the Video Privacy Protection Act (VPPA), to assemble large class action claims based on alleged privacy violations concerning website activity.
Companies’ public websites often disclose privacy practices that can be quickly scrutinized for technical or statutory breaches, and widely publicized data breaches provide a ready pool of potential plaintiffs. As a result, funders can identify and assemble large classes with minimal effort, frequently involving low barriers to entry for would-be claimants.
Many of these cases hinge on relatively straightforward violations— such as minor technical noncompliance with privacy laws—that are easier to prove, and less reliant on demonstrating complex or individualized harm. Moreover, when they are victims of cyberattacks, well-known corporate defendants with brand reputations to protect are perceived as particularly vulnerable and well-funded targets.
Cyber claims may also draw interest from non-traditional litigation funders, including foreign competitors seeking access to a U.S. company’s proprietary information through broad discovery rules. By bankrolling privacy class actions, these entities can potentially circumvent U.S. intellectual property protections, using the litigation process to obtain valuable trade secrets or other sensitive data. Just last year, Samsung Electronics Ltd. Co. sought relief in a Texas federal court arguing that Chinese litigation funder Purplevine misused confidential information handed over in discovery, as reported by Law360.
Collectively, these factors make it increasingly likely that cyber insurers and their policyholders will find themselves embroiled in litigation shaped by third-party funders. Carriers and defense counsel should remain vigilant in spotting the influence of external funding and adapt their strategies accordingly.
How Does TPLF Drive Up Cyber Costs?
TPLF inflates the cost of litigation for everyone. The growth of TPLF is not just fueling more lawsuits; it is also pushing the price tag on litigation to new heights. A recent Risk & Insurance article highlights how TPLF accelerates “social inflation,” wherein the cost of handling and resolving claims is increased by factors other than normal economic forces, such as legal developments and behavioral changes.
TPLF heightens social inflation with cyber claims, especially those involving privacy law violations, which were already attractive targets for the plaintiffs’ bar and heavily litigated, by further increasing the appeal and costs. TPLF relieves plaintiffs’ attorneys of the pressure to balance the up-front costs of litigation against the potential for a windfall upon settlement or judgment, and makes it more lucrative to engage in protracted litigation through expert discovery, summary judgment, and trial. Essentially, TPLF permits attorneys to focus on the legal work and not the finances of litigation.
Claimants who do not feel time pressure or financial pressure to settle are less likely to come to the negotiation table in the first instance, and the overall value of settlements is likely to go up as a result. Further, because there is an unlevel playing field—in that insurance must often be disclosed, while the presence of TPLF may be unknown—TPLF can leverage policy limits, while policyholders and insurers are left unaware of the true parameters of the negotiation.
Generally, policyholders as defendants may seek to avoid trial in part because of the public nature of the proceeding. To the extent the TPLF agreement is undisclosed or not discoverable, litigation funders do not have the same concern.
TPLF has already targeted other lines of insurance, including commercial auto, D&O, professional liability, and product liability, with at least one commercial auto insurer reportedly exiting the commercial auto line due to the burden of litigation, as reported by Leader’s Edge. This cautionary example underscores how quickly litigation expenses can spiral when heavily financed by third parties.
Litigation funders may be initially paying costs for the promise of a favorable return on investment, but the extra expense is ultimately borne by policyholders, consumers, and insurance carriers. As more funders seek out profitable cyber lawsuits, insureds and insurance professionals should remain vigilant and prepare for the continued escalation of claim expenses in an environment shaped by often unseen investors.
How Can the Cyber Insurance Market Respond?
The cyber insurance market can and should evolve alongside the risk imposed by TPLF.
The first line of defense against TPLF’s impact is to proactively reduce risk before it leads to litigation. Insureds should also be encouraged to develop comprehensive risk management strategies and strengthen existing practices, particularly to thwart plaintiff firms and investors looking to profit off the recent trend of website tracking claims. Mitigating risk before it can occur is one of the most impactful ways in which the cyber insurance market can respond to the increasing challenge of TPLF.
Carriers can be mindful of TPLF’s impact, and appropriate initial claim management and response infrastructure can help. In that same vein, it is crucial to hire defense counsel who are experienced in responding to the involvement of TPLF.
Finally, as a claim unfolds, carriers and defense counsel should attempt to determine whether the plaintiffs are being supported by TPLF. Proposed federal and state legislation should serve to aid in this task if enacted. But until then, the parties should try to gather such information either informally or through initial discovery.
TPLF poses significant challenges in the cyber insurance world, as funders are showing increased interest in cyber and privacy claims. It has become increasingly common for insurers and policyholders to find themselves involved in litigation with outside funders whose incentives are different from those of underlying plaintiffs. TPLF continues to heighten social inflation, and will likely drive up the cost of litigation and dispute resolution.
However, the cyber insurance market is not without recourse. The federal Litigation Transparency Act, as well as state legislation, could significantly change the course of TPLF’s impact on the industry by mandating increased transparency. Through stronger risk mitigation tactics, claims management and heightened awareness, policyholders and carriers can continue to pull back the curtain on TPLF.
This article is intended for general informational purposes only. Markel and Tittmann Weix do not assume any obligation to update this publication as a result of new information, developments, or otherwise. Furthermore, Markel and Tittmann Weix do not assume any liability to any person or organization for loss or damage caused by or resulting from any reliance placed on this content.
About the Authors:
Matthew Bricker, partner; and Tyson Burns, senior counsel, are with Tittmann Weix. mbricker@tittmannweix.com; tburns@tittmannweix.com
Shevani Jaisingh is associate general counsel at Markel. shevani.jaisingh@markel.com