George Kurtz, chief executive of the cybersecurity company CrowdStrike has highlighted that the price of ransomware may go up due to recent implementations of GDPR
Under the new regulations, companies must pay 4% of their annual net turnover or £17.5m (€20m), whichever’s higher.
Currently the Government tells businesses not to pay ransomware demands with companies in the UK also having a duty of care to report any ransomware incidents to the Information Commissioner’s Office (ICO); it is however clear as to how some companies might be tempted to cover it up and pay the cheaper ransomware charge.
“If [you have] a 4% fine on your overall top line revenue, or you have a ransomware that you can pay off and maybe quietly make it go away, I think there’s going to be an interesting dynamic in the amount that the market values paying off enterprise ransomware,” Mr Kurtz said.
A lot of ransomware these days does not have a fixed charge, with the criminal vendors making their own assessment as to how much companies should pay based on their size, income and essentially how much they think they can get away with without pricing the company out of being able to restore their files.
Perhaps in the future ransomware vendors will be taking GDPR fines into consideration and offer a reduced percentage for the safe decryption of their files and ensure the matter is kept under wraps.
Let us know your thoughts on whether GDPR will have an effect on ransomware demands.