What is Cyber Extortion?
Cyber extortion is a form of online criminal activity that occurs when hackers access computer systems and hold data hostage until a ransom demand is paid. These criminals can then threaten to release information to the public if a victim does not comply with their demands. This is a rapidly growing trend that is impacting businesses worldwide. Cybercriminals now employ sophisticated techniques allowing them to infiltrate computer networks, hardware, and software successfully.
Ransomware is an example of cyber extortion, in which hackers install malware on a computer that locks the user out. To remove the malware and regain access to their systems, businesses are forced to make a substantial financial payment to the hackers in exchange for a decryption key. What is more, organizations of all sizes can fall victim to ransomware.
Ransomware attacks are growing more sophisticated, a trend accelerated by the increase in remote working due to the pandemic. Mobile devices are increasingly targeted, and ransomware-as-a-service is on the rise. The latter is a subscription-based model that allows hackers to run already-developed ransomware software to attack organizations.
Due to these recent sharp increases in ransomware attacks and cyber extortion, it is critical that organizations are correctly protected. This means having the appropriate cyber insurance and reinsurance, in addition to ensuring businesses address their cybersecurity posture adequately. In 2020, almost 70% of US organizations that experienced a ransomware attack paid the demand. Towards the end of 2021, ransomware attacks were up by 148% from 2020, and the average payout by a mid-sized organization was $170,000.
How to Prevent Cyber Extortion?
There are several ways businesses can reduce the risk of cyber extortion, although the risk itself cannot be removed entirely.
Cyber Security – Organizations should ensure that they have adequate cybersecurity implemented, including antivirus software and firewalls. In addition, deploying endpoint detection software and multi-factor authentication across all devices is essential for maintaining cybersecurity standards.
Employee Awareness – It is vital to train employees on cybersecurity to help prevent potential cyber extortion attacks. For example, employees should be equipped to identify potential phishing attacks and be wary of clicking on suspicious links. Verizon’s 2018 Data Breach Investigations Report states that phishing is involved in 70% of data breaches. Many organizations now consider a mandatory training program standard practice.
Data Backups – Businesses should ensure that all of their sensitive data has been backed up sufficiently. This way, if they fall victim to a cyber extortion attack, they will still have the means to recover their data from elsewhere. A particularly effective approach is off-site backup to a remote server, such as cloud backup.
Insurance – In the event of an extortion attack, organizations are often asked to pay a ransom in exchange for data. Appropriate cyber coverage will ensure that an organization is covered against cyber threats, including cyber extortion.
Does AM RE offer Extortion Coverage?
At AM RE, our cyber reinsurance policy can help cover the cost of business interruption losses, cybercrime, data breaches, and the cost of restoring the network, ensuring minimal financial and reputational damage in the case of cyber extortion.
We work as a reinsurance intermediary, offering Property Casualty treaty reinsurance traditionally using a Quota Share model. As capacity tightens within the cyber market, we recognize that alternative solutions are required. AM RE can provide a tailored approach to this class of business.