Coercion
Coercion in cybersecurity extends beyond mere social engineering by incorporating a strong element of duress or threat, forcing an individual to act against their better judgment or organisational policy. Attackers leverage psychological vulnerabilities, fear, or a desire to avoid negative consequences—real or perceived—to manipulate targets into compromising security.
What is Coercion in Cybersecurity?
Coercion involves the use of threats, intimidation, or undue psychological pressure to compel individuals—often employees—to bypass security protocols, divulge sensitive information, or perform actions against their will that compromise an organisation's security. Unlike traditional social engineering that relies on deception and manipulation, coercion specifically employs duress to achieve malicious objectives.
This can manifest in several forms:
- Blackmail: Threatening to expose sensitive personal information
- Threats of reputational damage: Threatening to harm someone's professional standing
- Job loss threats: Implying that refusal will carry negative career consequences
- Physical harm: Threatening the individual or their loved ones
Why is Coercion Effective in Cyber Attacks?
Coercion exploits fundamental human psychology, making it particularly effective because:
- Fear response: When threatened, individuals often make decisions based on immediate self-preservation rather than long-term consequences
- Isolation: Victims often feel too ashamed or frightened to seek help
- Authority perception: Attackers may impersonate authority figures to amplify pressure
- Time pressure: Coercive demands typically include urgent deadlines, preventing careful consideration
Coercion plays a critical role in insider threats: an otherwise trustworthy employee can be pressured into facilitating a data breach, installing malware, or providing unauthorised access.
Which Coercion Tactics Are Most Common in Cybersecurity?
Common coercion tactics include:
- Sextortion: A cybercriminal threatens to release embarrassing personal photos of an employee online unless they provide company network login credentials
- Executive blackmail: An attacker uses information gathered from public social media to blackmail a high-ranking executive into approving a fraudulent wire transfer
- Family threats: Threatening harm to an employee's family members to force compliance
- Financial coercion: Exploiting known financial difficulties to pressure individuals into cooperation
How to Identify Coercion Tactics in Cybersecurity?
Recognising coercion attempts is crucial for defence. Warning signs include:
- Unsolicited communications containing personal information about you
- Demands coupled with explicit or implied threats
- Unusual urgency or pressure to act immediately
- Requests to bypass normal security procedures
- Communications asking you to keep interactions secret
When Should You Report a Coercion Attempt?
Report coercion attempts immediately when:
- You receive any communication containing threats
- Someone attempts to pressure you into providing access or information
- You notice a colleague behaving unusually or under apparent stress
- You become aware of potential blackmail material being used against anyone in your organisation
Defending Against Coercion
Organisations can mitigate coercion risks through:
- Security awareness training: Regular training programmes that specifically address coercion scenarios
- Strong support systems: Confidential reporting channels and employee assistance programmes
- Clear reporting mechanisms: Established procedures that empower employees to report pressures without fear of reprisal
- Zero-blame culture: Ensuring victims feel safe coming forward
For more information, consult resources from the NIST Cybersecurity Framework, CISA, and the SANS Institute Security Awareness Training.