Paying ransom to avoid GDPR fine an unwise gambit
By 
Neil Hodge2023-09-07T13:21:00
Companies that think paying ransomware demands would be a better move than informing regulators of a data breach are playing with fire, according to experts.
Recent reports have indicated a cybercrime group called “Ransomed” is trying to persuade the companies it hacks that paying its cut-price ransom demands quickly—and quietly—outweighs any fine a data protection authority (DPA) might levy for breaching privacy rules such as the European Union’s General Data Protection Regulation (GDPR).
However, data privacy experts see the issue differently.
THIS IS MEMBERS-ONLY CONTENT
You are not logged in and do not have access to members-only content.
If you are already a registered user or a member, SIGN IN now.
Related articles
-
PremiumOFAC official urges company transparency on ransomware events
Despite its reputation as a fierce enforcer of sanctions, the Office of Foreign Assets Control has a softer side and wants to help companies that are hit with ransomware attacks, according to the agency’s senior compliance officer.
-
PremiumExpert: How data hoarding increases businesses’ cyber risks
Holding on to data for longer than necessary creates vulnerabilities for businesses by giving cyberattackers more avenues to access an organization’s computer systems.
-
News BriefMGM discloses $100M hit from cyberattack
MGM Resorts International said it expects to take a $100 million hit as part of the fallout of a cyberattack that has most significantly impacted its Las Vegas operations.
More from Cybersecurity
-
News BriefU.K. says company boards need to worry more about cybersecurity risks
The U.K. government wants directors and boards of directors to become more actively involved in cybersecurity risks facing public and private companies, as the world faces “alarming” threats from criminal gangs and malicious nation-states. Though many organizations take cybersecurity seriously, the U.K. government says they do not place management of ...
-
PremiumNavigating compliance: A guide for small teams to tackle CMMC
Many small organizations within the Defense Industrial Base are struggling to meet the rigorous requirements validated through the Cybersecurity Maturity Model Certification, writes Thomas Graham, CISO at Redspin. If you haven’t been tracking it closely, CMMC was finalized in October, with an effective date of December 16, 2024.
-
PremiumFinancial crime in the shadows of the dark web
The dark web has been depicted as a long-standing hub for crimes, where illegal activities such as drug dealing, financial fraud, weapon sales, murder for hire, stolen credit cards, and ransomware gags are easily accessible to the public.