Factors to consider before paying a ransomware demand.

Organizations are wise to understand their cyber policies well ahead of a breach and have a strong cyber risk management strategy in place that balances a realistic role for the insurance policy against the organization’s mitigation practices. (Photo: Melinda Nagy/Adobe Stock)

A ransomware demand is enough to give any company executive heartburn while weighing whether to pay the ransom. Part 1 of this two-part series highlighted three factors to consider as part of the decision to pay: what has been compromised, what the downtime will cost the company, and whether personally identifiable information was affected. However, there are several other issues to consider before making a final determination on whether to pay a ransom.

Are there other regulatory impacts to consider?

In some cases, an organization’s leadership or its standing policies may take the position that the organization will not pay a ransom, regardless of the consequences. This position follows that of government agencies, including the Federal Bureau of Investigation, which do not support paying a ransom in response to a ransomware attack. But when the possibility of payment is on…
