Cyber extortion is becoming a growing threat to individuals and businesses both in the United Kingdom and on a global basis.
There are a number of types of cyber extortion threat which come in many forms:-
l.Denial of Service Attacks
This involves the disabling of a website by overloading it with requests from a number of computers causing the target website to crash. The type of attack will vary depending on the objective of the attack, typically these will be commerce websites. who have revenue generating websites, namely retailers, financial services, gambling , on-line casinos and bitcoin exchanges.
2. Stealing Confidential Information
Once a computer system has been been compromised , cyber extortionists are likely to notify the company and demand money , with the threat of releasing data in the public domain. This can cause interruption to the business, reputational damage and financial loss.
This is in the similar vein as blackmail where victims can be are targeted with fake social media accounts. The extortionists will then engage with the target by way of conversation which will become inappropriate and may lead to unsavory sexual behaviour over a webcam, this is recorded and then utilised as blackmail ploy.
Ransomeware is a form of malicious software which attacks a victims computer software and encrypts the data contained or locks the computer. This denys the victim access to their computers and data within their network.
5. Mobile Devices
According to a report by Pulse Secure , mobiles and tablets who operate on Android do contain mobile malware which is now becoming more sophisticated. An example of this is Simplocker which once installed, has located and encrypted files and then the files decryption is ransomed.
Recent Cyber Extortion Incidents
Ashley Madison is one of the most recent high profile cyber extortion cases where data was stolen consisting of personal information of the extramarital affairs website’s. The hackers threatened to release users’ names and personally identifying information if Ashley Madison was not immediately shut down.
The United Kingdom is not immune from cyber extortion threats, it was rumoured that the Talk Talk breach involved an extortion demand . This October a Scottish hairdressing firm was hit with a ransom demand by hackers who managed to lock the company database and threatened to delete vital information …. a cyber extortionist does not discriminate between sector and the size of a business.
Does a Cyber Liability Insurance policy cover this ?
A standard Cyber Liability Insurance policy will provide coverage for the ransom reward and negotiation costs and fees associated with the extortion event. This coverage module for this element of coverage is sometimes sub-limited within the policy, although it is possible to negotiate higher limits should these be required.
Cloud Security Alliance recently carried out a survey which identified that 14% of companies would pay a ransom in excess of $1M. One of the factors that companies take into account as to whether they pay a ransom is if the company has insurance or not. 28.6% of companies that held cyber liability insurance stated that they would pay a ransom, in relation to 22.60% of companies without this form of insurance.