Three months ago, BBC News reported that IT security experts estimate there are now more than 120 variants of ransomware, malware that holds data on a victim’s PC “hostage” so that the hacker can demand a “ransom” for restoring affected files.

According to researchers monitoring the proliferation of this malicious technology, cases of online extortion are now at alarming levels, as attackers take advantage of the ease, low risk, and high return on investment of using ransomware. We’re talking about almost $18 billion in ransom payments over the last year.

Cyber Insurance Uncovered

Cyber insurance works just like any other type of insurance. It provides coverage for any damage incurred by the policyholder.

In the case of cyber extortion liability insurance, the coverage includes losses due to a threat of extortion, as well as professional fees related to dealing with the extortion.

Based on insurance industry standards, the cyber extortion liability coverage provides for both first-party claims (where the insured makes claims against their own policy) and third-party claims (where others make claims against the insured).

Specifically, the losses or exposures that can be covered by an extortion liability policy may include:

  1. Information security and privacy liabilities resulting from failure to protect corporate or customer information.
  2. Costs associated with data breaches such as customer notification, public relations, and investigative costs.
  3. Loss of income due to inaccessibility of network systems.
  4. Liability as a result of customers being unable to access a particular website on which their business depends.

Then again, as with any other insurance policy, there may be certain exclusions in the package. So, before buying your policy, ask these questions and discuss them with your insurance provider:

  • Are there security controls you can put in your system to reduce the insurance premium?
  • Will the policy cover the loss of unencrypted data?
  • Will business interruption coverage be included?
  • How will the insurance company determine your organization’s security risks?
  • What is expected of you to reduce or limit the risks in your company?
  • What difference will a claim make to your future premiums, and how much?
  • Will you get a reduction for each year that you do not file a claim?
  • In the event of an intrusion going undetected until after your coverage, could you still make a claim?
  • Will there be coverage if the breach is committed against your company’s third-party supplier?

Can Cyber Insurance Save You from Extortion Liability?

Many security groups agree that companies are generally not responding to cyber extortion as urgently as they should.

But, as data breach meltdowns spread, you might as well ask, is it time to invest in an extortion liability cover to protect your organization?

A cyber liability policy can be indispensable to organizations that typically handle large amounts of data and need data recovery services, such as financial institutions, law firms, hospitals, universities, technology companies, government agencies, and the like.

Since businesses and organizations generally come with risks, getting a policy to mitigate the related costs is a highly sensible thing to do. Insurance providers, as well as their trusted partners in cybercrime response and resolution, can work together to ensure that clients can maximize their insurance coverage.

Not to mention, having coverage gives a company some way out of imminent bankruptcy due to a data or systems breach.

A piece of advice: choose an insurer that fully understands your company’s needs and guarantees you protection from the complexities and costs associated with cyber extortion.


Vlad de Ramos has been in the IT industry for more than 22 years with focus on IT Management, Infrastructure Design and IT Security. Outside the field, he is also a professional business and life coach, a teacher and a change manager. Vlad has set his focus on IT security awareness in the Philippines and he is a certified information security professional, a certified ethical hacker and forensics investigator and a certified information systems auditor.