Cyber Extortion
Coverage for threats to release stolen data, disrupt systems, or cause harm unless payment is made to the threat actor.
What It Is
Cyber extortion is a broader coverage category than ransomware alone. While ransomware involves encrypting data and demanding payment for decryption, cyber extortion encompasses any threat by a malicious actor to harm the insured's systems, data, or reputation unless a demand is met. This includes threats to publish stolen confidential data, launch distributed denial-of-service attacks, or insert malicious code unless payment is received.
Most cyber policies bundle ransomware and extortion under a single insuring agreement, but the scope varies. Some forms cover only threats to systems and data, while others extend to threats of reputational harm, such as publishing embarrassing emails or proprietary business information. The extortion coverage typically pays for the extortion payment, negotiation expenses, and costs to assess and remediate the threat.
A key policy feature is the requirement to obtain the carrier's prior written consent before making any extortion payment. Insureds that pay without carrier consent risk having the claim denied. Carriers also typically require involvement of law enforcement and specialized extortion consultants from the carrier's approved panel.
Why It Matters for Brokers
Brokers need to understand the full scope of extortion coverage because threat actors are increasingly using data exfiltration and threatened publication rather than encryption alone. A narrow extortion clause that only covers system-disruption threats will leave a gap when the attacker's leverage is the threat to publish stolen data on the dark web. This distinction is becoming the most common gap in cyber placements.
Real-World Example
A law firm discovers that attackers have exfiltrated 2TB of client files including merger documents and litigation strategy memos. The attackers demand $1.5M or they will publish the files. The cyber policy's extortion coverage pays for a negotiation firm ($45,000), ultimately settling the demand at $600,000, plus $180,000 in forensic and legal costs to determine the scope of stolen data. Total claim: $825,000 against a $2M extortion sublimit.
Common Mistakes
- 1Assuming ransomware and extortion are identical coverages when extortion is broader and may have a separate sublimit.
- 2Failing to advise clients about the carrier consent requirement before any payment, which is a common basis for claim denial.
How brokerageaudit.com Handles This
brokerageaudit.com's Policy Checker parses cyber policy forms to distinguish between ransomware-only and broader extortion coverage, flagging policies where data-publication threats are excluded. The system also highlights carrier consent requirements in claim-triggering provisions so brokers can educate clients proactively.