Cyber extortion refers to a situation in which a third party threatens that if an organization does not pay money, or take a certain action, the third party will take an adverse action against the organization. Among other things, threats may include exploiting a security vulnerability identified by the extorter, reporting the organization’s security vulnerability to the press, or reporting the organization’s security vulnerability to regulators.
Below is a checklist for organizations that are confronted by a cyber extortion demand.
The following provides a snapshot of information concerning cyber extortion.
The number of entities that reported being victimized by cyber extortion over a six month period.1
Estimate of the percentage of cyber extortion cases that are not reported.2
$2,500 - $100,000
Range of unsolicited demands related to alleged security vulnerabilities made to Bryan Cave clients between 2014 and 2015.
 NYA International, Cyber Extortion Risk Report (Oct. 2015) at 3.