Proposed Cyber Ransom Bans Predicted To Cause "Catastrophic Damage"

K&L Gates


We saw last year how low hackers are willing to stoop to shame companies into paying ransoms, including leaking sensitive information aimed at embarrassing individuals affected by data breaches. As a result, we also saw prominent calls for ransom payments to be 'banned', to reduce the financial incentives for hackers to target Australians' personal information.

We are now hearing the flipside to that argument, with AGL Energy warning that a government-imposed ban on companies paying cyber ransoms to hackers could cause "catastrophic damage".

In AGL's 2023-2030 Australian Cyber Security Strategy Discussion Paper submitted to the Department of Home Affairs in relation to reforms to the Security of Critical Infrastructure Act 2018 (Cth) (SOCI Act), AGL stressed that while prohibiting ransoms may reduce the volume of attacks, it could also result in "potentially avoidable catastrophic damage, harm to community, loss of life, disruption of essential services or disclosure of sensitive information", as in some circumstances and for some organisations, "the payment of a ransom demand may be the only path to achieving acceptable outcomes".

In the alternative, AGL proposes that the government should strongly discourage ransoms and consider imposing a ban only when Australia has more robust cyber security capabilities in force.

This position notably contrasts with recent public positions from the Australian Federal Police and government for high-profile data breaches, but illustrates the difficult decisions and practical concerns that businesses must weigh up when faced with a ransomware scenario. Paying a ransom is never a guarantee that an organisation will get its data back, regain access to its systems, or prevent further disclosures, but AGL makes the case for leaving the option open as a last resort. The decision is clearly fraught, and organisations are well advised to consider their position before they are faced with the need to make a choice.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.
