https://www.insurerbrain.com/w/index.php?action=history&feed=atom&title=Definition%3ACyber_extortionDefinition:Cyber extortion - Revision history2026-06-17T13:04:06ZRevision history for this page on the wikiMediaWiki 1.43.8https://www.insurerbrain.com/w/index.php?title=Definition:Cyber_extortion&diff=8846&oldid=prevPlumBot: Bot: Creating new article from JSON2026-03-11T04:40:29Z<p>Bot: Creating new article from JSON</p>
<p><b>New page</b></p><div>🔒 '''Cyber extortion''' is a category of [[Definition:Cyber risk | cyber risk]] in which a threat actor demands payment — typically in cryptocurrency — in exchange for not carrying out or continuing a malicious action against an organization, such as deploying [[Definition:Ransomware | ransomware]], releasing stolen data, or launching a sustained denial-of-service attack. Within the [[Definition:Cyber insurance | cyber insurance]] market, extortion-related losses have become one of the most significant and volatile cost drivers, reshaping how [[Definition:Underwriting | underwriters]] evaluate risk, set [[Definition:Insurance premium | premiums]], and structure [[Definition:Policy terms and conditions | policy terms]]. Cyber extortion coverage typically sits within a broader cyber policy as a dedicated insuring agreement, addressing ransom payments, negotiation costs, and associated business disruption.<br />
<br />
💻 When a policyholder suffers an extortion event, the [[Definition:Cyber insurance | cyber policy's]] incident response mechanism activates. The insurer's designated [[Definition:Incident response | incident response]] panel — which usually includes forensic investigators, legal counsel specializing in [[Definition:Data privacy | data privacy]], and professional negotiators — works with the insured to assess the credibility of the threat, contain the attack, and determine whether payment is advisable and lawful. Payment legality is a critical consideration: regulations from the U.S. Office of Foreign Assets Control (OFAC) and equivalent bodies elsewhere prohibit transactions with sanctioned entities, meaning insurers must screen threat actors before authorizing any ransom reimbursement. [[Definition:Claims adjuster | Claims teams]] also evaluate the downstream costs covered under the policy, including [[Definition:Business interruption insurance | business interruption]] losses, data restoration expenses, and [[Definition:Third-party liability | third-party liability]] arising from compromised customer information.<br />
<br />
⚠️ The surge in extortion attacks has forced the cyber insurance market through several hard cycles of [[Definition:Premium rate | rate]] increases and tightened [[Definition:Underwriting guidelines | underwriting requirements]]. Carriers now routinely mandate minimum [[Definition:Cybersecurity | cybersecurity]] controls — such as [[Definition:Multi-factor authentication (MFA) | multi-factor authentication]], endpoint detection and response, and tested backup protocols — as preconditions for coverage. Some [[Definition:Reinsurance | reinsurers]] have introduced sub-limits or co-insurance provisions specifically for extortion losses to manage their aggregation exposure. For insureds, the availability and breadth of extortion coverage has become a litmus test for organizational cyber maturity: businesses that cannot demonstrate baseline security hygiene increasingly find themselves facing exclusions, prohibitive pricing, or outright declinations.<br />
<br />
'''Related concepts:'''<br />
{{Div col|colwidth=20em}}<br />
* [[Definition:Cyber insurance]]<br />
* [[Definition:Ransomware]]<br />
* [[Definition:Cyber risk assessment]]<br />
* [[Definition:Incident response]]<br />
* [[Definition:Business interruption insurance]]<br />
* [[Definition:Cybersecurity event]]<br />
{{Div col end}}</div>PlumBot