Cyber extortion

Cyber extortion typically involves one or more of the following:

• Ransomware: Malware encrypts your files and systems so you can’t access them unless you pay a ransom.
• Data theft and extortion: Attackers steal private information and threaten to publish it unless you pay.
• DDoS attacks: Cybercriminals overload your website or servers to force downtime until a ransom is paid.
• Social engineering: Attackers impersonate trusted contacts to gain access to systems or extort payments.

Even if you pay the ransom, there’s no guarantee the criminals will decrypt your files, return your data, or stop future attacks. That’s why prevention and backups are just as important as insurance.

A cyber insurance policy can help pay for costs that stem from an extortion incident. Coverage varies by insurer, but typically includes:

• Ransom payments (where legally permissible)
• Negotiation with cybercriminals through specialist firms
• Cybersecurity forensics to investigate the cause and scope of the attack
• Data restoration and system recovery
• Business interruption losses, if the attack shuts down systems and affects revenue
• Crisis communication and PR to help manage customer notifications and reputational harm
• Legal help related to privacy laws or customer claims

Cyber insurance is powerful, but it doesn’t cover every scenario. Most policies exclude:

• Data loss from non-cyber causes, such as hardware failure, power surges, or natural disasters (This often requires electronic data processing or electronic data liability coverage.)
• Physical property damage to computers or servers
• Incidents involving outdated or unsupported software
• Claims that fall under third-party or privacy liability if they're not included in your policy
• Business interruption during the “waiting period” before coverage activates

Policies may also require specific cybersecurity controls—such as multi-factor authentication (MFA), regular patching, or secure backups—to avoid claim denial.

Not all cyber losses affect only your business. If you handle client data or provide professional services (such as IT, consulting, accounting, or marketing), a cyber incident can also lead to liability claims from customers.

Here’s the difference:

• First-party cyber coverage: Protects your business from losses like ransomware, data restoration costs, or business interruption.
• Third-party cyber coverage: Protects you if a client sues because their data was leaked, stolen, or compromised as a result of your systems or services.

For many service-based small businesses, both types of coverage are essential.

When comparing cyber policies, you should look closely at the following:

• Cyber extortion limits: Is there a separate sub-limit for ransom payments?
• Business interruption coverage: How long is the waiting period before compensation begins?
• Data restoration coverage: Are labor costs for system recovery included?
• Incident response services: Does the insurer provide forensic experts, legal counsel, and PR support?
• Coverage for third-party liability: Important for any business handling client data.
• Exclusions and security requirements: MFA, patching, backups, endpoint security, etc.
• Coverage for social engineering: Often requires a special endorsement.

Understanding these details ensure you choose a policy that fits your risk, not just the lowest-priced option.

Following cybersecurity best practices is essential. Here are a few key strategies:

• Maintain an effective firewall and install antivirus software
• Train staff on email hygiene (i.e., don’t click links in the body of unknown emails or open attached documents or applications)
• Avoid clicking on pop-up ads while working on the internet
• Maintain multiple backups of all your data