Organizations are wise to understand their cyber policies well ahead of a breach and have a strong cyber risk management strategy in place that balances a realistic role for the insurance policy against the organization's mitigation practices. (Photo: Melinda Nagy/Adobe Stock)
A ransomware demand is enough to give any company executive heartburn as the decision of whether or not to pay the ransom is considered. Part 1 of this two-part series highlighted three factors to consider as part of the decision to pay: what has been compromised, what will the downtime cost the company and was personally identifiable information affected? However, there are several other issues to consider before making a final determination on whether or not to pay a ransom.
Are there other regulatory impacts to consider?
In some cases, an organization's leadership or its standing policies may take the position that the organization will not pay a ransom, regardless of the consequences. This position follows that of government agencies, including the Federal Bureau of Investigation, which do not support paying a ransom in response to a ransomware attack. But when the possibility of payment is on the table, organizations need to know that simply making the payment could put them into legal jeopardy.
Want to continue reading?
Become a Free PropertyCasualty360 Digital Reader
Your access to unlimited PropertyCasualty360 content isn’t changing.
Once you are an ALM digital member, you’ll receive:
- Breaking insurance news and analysis, on-site and via our newsletters and custom alerts
- Weekly Insurance Speak podcast featuring exclusive interviews with industry leaders
- Educational webcasts, white papers, and ebooks from industry thought leaders
- Critical converage of the employee benefits and financial advisory markets on our other ALM sites, BenefitsPRO and ThinkAdvisor
Already have an account? Sign In Now
© 2025 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.
