Cyber-extortion coverage is an insuring agreement contained within some policies written to cover claims associated with data breaches.
Such policies are most often termed "cyber and privacy insurance," "information security and privacy insurance," and "cyber-security insurance."
The insuring agreement covers the costs associated with a cyber-extortion event (e.g., an insured receives an email stating that the extortionist will introduce a virus into the insured company's website unless the company pays a $10 million ransom). The costs covered by this insuring agreement include (1) monies paid to meet extortion demands, (2) the cost of hiring computer security experts to prevent future extortion attempts, and (3) the expenses charged by professionals to deal/negotiate with cyber-extortionists.
A few insurers do not offer cyber-extortion coverage (also known as "e-commerce extortion coverage") because similar protection is available under kidnap and ransom insurance policies.
Similar to other cyber and privacy insurance policies, cyber-extortion coverage is subject to an annual aggregate limit and an annual aggregate deductible.