Major data breaches and recent, audacious Distributed Denial of Service (DDoS) attacks exploiting the Internet of Things (IoT) may be the cybercrimes making headlines. Yet, today the fastest growing cyber risk is something different: extortion. Our Europe, Middle East, and Africa cyber claims data reveal that ransomware extortion caused 16% of claims from 2013 - 2016, with an additional 4% of claims stemming from other forms of cyber extortion. Meanwhile, data breaches by hackers caused only 14% of cyber claims.
Financial Lines Major Loss Adjustor Kathy Avery offers the example of an online business that discovered ransomware had entered their system and encrypted their files. The business was unable to contact customers and access invoices, and so the firm decided to pay the ransom in order to unlock their files. This was a small business—it did not have a significant amount of sensitive data that could have been compromised in the attack. Large companies face the additional risk of data release in the event of cyber extortion: “In some of these attacks, they use a SQL injection. They can take data out and threaten to publish the data unless you pay the ransom,” says Avery.
We thought you might be interested in learning more about:
The severity of a cyber extortion attack on a company depends on several factors, including the type of business, the level of business interruption, and the need for forensic investigation. It should be noted that ransom demands for this type of attack still tend to be relatively small; nevertheless, given the high frequency of attacks, extortion represents a lucrative, relatively straightforward way for cyber criminals to access ‘fast cash.’