What is cybextortion?
In a typical cyberextortion attack, criminals hack into a business’s hardware or software systems to steal data, disable websites, and shut down computers and servers. The hackers will demand that you pay them to return data or restore disabled systems and applications.
Common cyberextortion attack methods
Hackers typically gain access to your business’s data or systems by using two main attack methods:
In this type of cyberextortion scheme, criminals trick employees into clicking on a malicious link or attachment in an email. The ransomware then spreads through your business’s network, encrypting data, files, servers, and applications so that you can’t access them. The hackers usually demand a ransom for the encryption key and may threaten to expose stolen data online if a victim refuses to pay.
Distributed denial-of-service (DDoS) attack
A DDoS attack involves hackers flooding a web server or network with so much Internet traffic that it takes it out of service. Hackers know that disabled servers mean lost revenue and customers, and they will threaten to keep your systems offline until you pay the ransom.
Types of businesses that criminals target
Any business that stores digital data, operates websites, or uses external or internal applications can fall victim to a cyberextortion attack.
E-commerce businesses are particularly vulnerable to cyberextortion attacks since their revenue comes from online sales. But hackers can damage businesses in other industries by disabling customer relationship management systems or databases.
How to avoid being the victim of a cyberextortion scheme
Cyberextortion threats are a growing problem, but you can take steps to prevent them. Protect your business from hackers by:
- Using a firewall and updated antivirus software
- Backing up all data
- Training staff on best IT security practices, including not clicking on links or email attachments from unknown senders
- Conducting background checks on employees and immediately disabling network access when they leave the company
- Purchasing cyber liability insurance
How cyber liability insurance protects against cyberextortion
While cyber liability insurance primarily protects against financial damages and lawsuits caused by data breaches, you can usually modify the policy to cover cyberextortion attacks. Cyber liability insurance comes in two forms: first-party policies and third-party policies.
First-party cyber liability insurance
This type of coverage protects your business and assets from damage caused by a cyberattack on your company. First-party cyber liability insurance will help pay for the costs of:
- Paying a hacker’s ransom demand
- Hiring outside attack remediation consultants
- Restoring damaged computer systems
- Notifying affected customers about a data breach and providing them with credit monitoring services
Third-party cyber liability insurance
If your company is responsible for another business's cybersecurity or for keeping its information secure online, your company could be blamed for failing to prevent a data breach or cyberattack. If the business holds you liable and sues, third-party cyber liability insurance can cover your:
- Attorney's fees and court costs
- Client settlements
- Damages if your business is found liable in court
Get free quotes and compare policies with TechInsurance
TechInsurance helps small business owners compare business insurance quotes with one easy online application. Start an application today to find the right policy at the most affordable price for your business.