Article June 14, 2021

What is cyber extortion insurance?

Cyber crime and extortion is a global issue, affecting businesses of all sizes and across all industries. While businesses can take steps to improve their cyber security, cyber crime and extortion insurance can be an invaluable tool to help businesses recover more swiftly and effectively in the event of an attack.

What is cyber extortion?

Cyber extortion most often involves a criminal making a ransom demand from businesses using the threat of malicious activity on business systems or information. Cyber crime insurance cover, also often referred to as cyber extortion coverage, cyber theft insurance, or cyber threat insurance, is designed to protect any business who uses technology from such attacks.

The threat of cyber crime can be reduced with the right digital security practices and awareness. However, the risk of cyber attacks can never be removed entirely. With cyber criminals conducting attacks with increasing sophistication, investing in cyber extortion coverage can protect a business’s digital assets should a criminal manage to bypass cybersecurity measures. 

Cyber crime insurance can also mitigate the level of damage caused by a cyber attack, and provide financial and strategic support to affected businesses to help them get back on their feet quickly.

Who is cyber crime insurance for?

With cyber attacks becoming more involved and multifaceted, cyber crime insurance is something that every business who uses technology to store information or conduct business practices should consider. 

While cyber crime insurance is particularly valuable to businesses who handle sensitive information or large amounts of capital on a daily basis, such as healthcare providers or financial institutions, one of the biggest mistakes an organization can make in cyber security is assuming that they will not be a target. This is often the case with smaller businesses. Studies have placed the cost of cybercrime on SMEs to be in the billions annually, which may be influenced by the general misconception that they are less of a target for cyber criminals, making their cyber defenses easier to infiltrate.

One of the biggest mistakes an organization can make in cyber security is assuming that they will not be a target.

At CFC we have developed specific cyber insurance offerings to meet the requirements of organizations of different sizes. Our Private Enterprise Cyber Insurance covers SMEs and our Large Corporate Cyber Insurance is designed with the needs of larger organizations in mind. For companies who are looking for an additional limit to their existing cyber insurance policy, we are also able to provide Cyber Excess Cover, with full access to risk management services.

How cyber extortion coverage can help

Cyber extortion coverage can help to protect businesses against losses and provide support to mitigate the impact of cyber attacks, so organizations can get back to business as usual. 

Depending on the type of coverage that a cyber crime insurance policy provides, businesses can expect cover ranging from financial payouts to help recover lost capital or repair damaged equipment as a result of cyber extortion, to access to cyber risk management services and additional protection for directors and officers. 

CFC’s cyber insurance products offer comprehensive coverage, helping to protect businesses against a range of cyber threats across cyber crime, data breaches and system interruption.

Our vast experience across a range of industries, and our understanding of their unique cyber risk profiles, ensures we can provide effective coverage that addresses the cyber risks faced by businesses today.

What does cyber extortion insurance coverage do?

Cyber crime insurance by design covers any losses incurred by businesses or relinquished to extortionists as a result of a cyber attack. Depending on the level of coverage, cyber crime insurance can provide cover in the event of: 

  • Ransomware and other malware attacks
  • Theft of funds through wire transfer fraud and other phishing scams
  • Denial of service attacks
  • Business interruption caused by system downtime or malicious cyber events
  • Damage to business devices or software as a result of a cyber attack
  • Data breaches as a result of employee theft
  • Data breaches occurring as a result of the loss of business devices and hardware

How to reduce cyber security risks

While the risk of a cyber attack cannot be completely removed, there are measures that can be taken to reduce the risk of such attacks occurring, as well as the impact of attacks if they should occur. 

Businesses should invest in basic cyber security software, implement multi-factor authentication across networks and devices, and close open RDP ports. By offering a range of proactive risk management tools and threat intelligence alerts, our cyber insurance policy can also help plug the cyber security gap. 

Employee training is also a crucial part of cybersecurity. Employees can often act as the final line of defense, especially in the event of an email phishing attack, which will aim to target business employees directly. Provide regular cyber security training to employees to keep them up to date with any new trends in cyber attacks or updates to cybersecurity protocol to maintain consistency across the organization. 


Provide regular cyber security training to employees to keep them up to date with any new trends in cyber attacks or updates to cybersecurity protocol to maintain consistency across the organisation.

Additionally, encourage all personnel to update passwords regularly on company devices, ensuring that passwords are unique for different applications. 

To help manage the aftermath of a cyber attack, backup all business data regularly and store offline in an external location. In the event of loss of data through a cyber security breach, information can be easily and quickly recovered from the last save. It is advisable to update data on a weekly or even daily basis to minimise information loss.

Cyber extortion coverage FAQs

  1. Why do small businesses need cyber extortion and cyber crime insurance?

    A ransomware attack or other cyber event often cause significant system downtime and rectification costs. That's why any business, regardless of size, can benefit from cyber security protocols and cyber extortion and cyber crime insurance cover if they rely on technology for business processes. 

    Small businesses can be particularly vulnerable in some instances, especially if they assume that they will not be a target and do not adequately protect themselves. Cyber extortion insurance can offer valuable financial support to help small businesses recover in the event of a cyber incident or privacy breach.

  2. How much does cyber extortion insurance cost?

    The price of cyber extortion insurance will vary according to business size and industry, but is still very competitively priced in relation to the risk cyber and privacy events create. 

    Certain industries, such as those dealing with high volumes of sensitive data, financial information, or capital on a daily basis are more of a target for cyber criminals. They present greater potential gain for cybercriminals and breaches can halt a large number of business operations.

    If you are a broker looking for a quote for our cyber and privacy insurance cover, speak to a member of our cyber underwriting team today.

  3. What type of business has the most cyber crime vulnerabilities?

    While cyber criminals will often target organizations that handle large amounts of sensitive data or capital, such as those in the healthcare industry, financial service institutions, government agencies, and energy companies, they are by no means the only target. 

    Small businesses are also highly vulnerable to cyber attacks and data breaches as they often lack the cyber security expertise to provide adequate protection.

    What's more, we're seeing a surge in businesses with almost no privacy exposure at all, such as those in construction or transportation, because they are still susceptible to ransomware events and cyber crime. 

Want to learn more about CFC’s cyber policy? Visit our product page or check out our other great cyber-related resources.