‘Big Game Hunting’ – the new face of cyber extortion?
According to a recent article by cyber response firm Storm Guidance, ransom attack methods have been steadily moving away from widespread attacks towards ‘Big Game Hunting’. But what is it, and why does it matter to insurers?
What is ‘Big Game Hunting’?
Big Game Hunting is a general term used to describe cyber attacks (and, in particular, ransomware attacks) which attack specific high value targets who have a higher ransom potential. That ransom value may be driven by the particular harm - financially, operationally or reputationally – that could be caused to that particular target. Cyber criminals have calculated that such victims are not only more likely to pay a ransom, but are also likely to be prepared to pay a higher ransom, than other victims.
One particular method of big game hunting which is increasing in frequency is the use of ‘data extortion attacks’. In a data extortion attack, cyber criminals will access data belonging that is particularly sensitive or of extra value to the victim. The cyber criminals will then charge a ransom for the data to be released. In some cases, where the data may also be of value to others, the data will be sold by the cyber attackers at an auction to which anyone who may be interested in the data will be invited. The invitees will include the victim, who must outbid everyone else in order to buy back their own data.
According to Storm Guidance the data being stolen can take many forms including trade secrets, client databases, political and military secrets.
Why does this matter to underwriters?
It is important for cyber underwriters to stay up to date with ever-changing attack methods used by cyber criminals. The potential move towards ‘big game hunting’ as an attack vector may require more specific and detailed underwriting for businesses or individuals who may be particularly valuable to cyber criminals.
Additionally, the increased focus on data as the target for ransomware attacks may necessitate additional underwriting questions as to the amount and nature of data held by a proposer, together with information as to how that data is protected. In some cases, additional wordings protections may be required in the form of more specific exclusions and obligations.
Contents
- The Word, December 2022
- (Another) case on insurers’ duty to defend
- Comply with policy terms – or pay the price
- IDD – application of the ‘duck test’
- Public liability register – is it (finally) on the way?
- Drafting policy limits – precision is key
- Official statistics demonstrate a new wave of age discrimination claims
Contact
Tim Johnson
Partner
tim.johnson@brownejacobson.com
+44 (0)115 976 6557
You may be interested in...
Published Article
English Commercial Court rules against Russian exclusive jurisdiction clauses
Legal Update
The Baltimore bridge collapse: One of the biggest losses in maritime insurance history?
Legal Update
The EU AI Act: What does it mean for insurers?
Legal Update
FCA and FOS set out strategic plans for 2024 and beyond
Legal Update
The space data revolution
Legal Update
New guidance on supporting autistic customers for the insurance industry
Legal Update
Chubb ordered to indemnify SXSW for Covid cancellation
Legal Update
Understanding the ICO's new fining guidance
Legal Update
Unravelling the challenges and opportunities in UK sports governance
Press Release
Browne Jacobson advises European micromobility insurtech Laka on investment from Achmea Innovation Fund
Legal Update
Cyber-attacks in UK universities: Why failing to prepare is no longer an option
Legal Update - The Word
The Word, March 2024
Opinion
Caregivers at work: Navigating new carer's leave regulations
Legal Update
Commercial Court considers requests for stay or anti-suit injunction where two competing reinsurance wordings
Opinion
EHRC publishes new guidance on menopause and the workplace
Legal Update
Parametric flood policies - Insurers no longer in uncharted waters?
Legal Update
LockBit unlocked: International taskforce takes down major cyber criminal organisation
Legal Update - Consumer Duty
80% of GAP market pause sales amid Consumer Duty concerns
Legal Update
FCA writes to MPs over car insurance premiums. What do increases mean for fraud?
Legal Update
Biodiversity Net Gain: A new landscape for restoration clauses
Legal Update
The regulators’ pet project
Legal Update
Welsh Government inks new regulations for Acupuncture, Body piercing, Electrolysis and Tattooing
Legal Update
Insurance and the escalating situation in Suez Canal
Legal Update
Update: Further debates on the Automated Vehicles Bill in the House of Lords this month
Legal Update - The Word
The Word, February 2024
Legal Update
The Home Affairs Committee launched another inquiry into fraud - Stop! Think Fraud
Legal Update
Progress on the Automated Vehicles Bill
Legal Update - The Word
The Word, January 2024
Legal Update
Voldemort causes havoc at Sellafield – nuclear risks and insurance policies
Legal Update
A blow to manufacturers as Thai Court confirms insurers’ denial of cover in wind turbine case
Legal Update
Adapting to change or falling behind? The FCA under fire from the National Audit Office
Legal Update
Premium finance – a poverty premium
Legal Update
'Clear and unambiguous' exclusions: Cameron Soule v Woodward Design + Build LLC
Legal Update
Follow the leader: Insurers using algorithmic underwriting
Legal Update
Insurance Insights 2024
Legal Update
Statutory assignment to insurers not caught by no-assignment clause
Legal Update
Court of Appeal decision again demonstrates the need for reform of the Solicitors Minimum Terms
Legal Update - The Word
The Word, December 2023
Legal Update - London Market Quarterly
London Market, Autumn 2023: What the insurance market needs to know
![Al Mana Lifestyle Trading L.L.C. & Others v United Fidelity Insurance Company PSC & Others [2023] EWCA Civ 61 – Update](/getattachment/b24270a8-0bb3-4a8a-bcf0-37830f99591b/shutterstock_710149084_6x4.jpg?variant=HeroImageTabletVariantDefinition)