An insuring agreement contained within some policies written
to cover claims associated with data breaches. Such policies are
most often termed "cyber and privacy insurance," "information
security and privacy insurance," and "cybersecurity insurance."
This insuring agreement covers the costs associated with a cyberextortion
event (e.g., an insured receives an e-mail stating that the extortionist
will introduce a virus into the insured company's website unless
the company pays a $10 million ransom). The costs covered by this
insuring agreement include (1) monies paid to meet extortion demands,
(2) the cost of hiring computer security experts to prevent future
extortion attempts, and (3) the expenses charged by professionals
to deal/negotiate with cyberextortionists.
A few insurers do not offer cyberextortion coverage (also known
as "e-commerce extortion coverage") because similar protection is
available under kidnap and ransom insurance policies.
Similar to other cyber and privacy insurance policies, cyberextortion
coverage is subject to an annual aggregate limit and an annual aggregate
deductible. See also
Cyber and privacy insurance;
Links for IRMI Online Subscribers
PracRisk, Topic G–33,