The legality of cyber extortion payments

Insurers need to be mindful of the risk of breaking the law when making payments in respect of extortion threats.
Insurers can find themselves walking a difficult line when seeking to ensure that making a payment under a policy does not put them in breach of the general law. In certain circumstances, insurers need to consider, both when agreeing the scope of cover and when later making any claims payments, the question of whether any payments made in accordance with their contractual obligations would place them in potential breach of criminal, civil or regulatory rules. This was the issue, in the context of paying a claim when financial sanctions were in place, in the recent decision of Mamanochet Mining Ltd v Aegis Managing Agency Ltd. In our article here we consider the legality of cyber extortion payments. We highlight the issues which insurers should be considering before making any payments in order to ensure that they stay the right side of the line.

This document (and any information accessed through links in this document) is provided for information purposes only and does not constitute legal advice. Professional legal advice should be obtained before taking or refraining from any action as a result of the contents of this document.