GDPR fines ‘could increase cybercrime ransom demands’


As a result of the introduction of the General Data Protection Regulation (GDPR) last month, cybersecurity firm CrowdStrike has warned that businesses may be lured into paying cyber ransom demands to criminals, rather than pay costly GDPR fines.

Ransomware is a form of malicious software that threatens to publish confidential data, or locks your files until a cyber ransom is paid.

Fines for non-compliance with the GDPR cost up to €20 million, or up to 4% of global turnover, whichever is higher. The GDPR fines have allowed criminals to increase ransom demands, while keeping ransom fees lower than the GDPR penalties.

George Kurtz, Chief Executive of CrowdStrike, stated: ‘If [you have] a 4% fine on your overall top-line revenue, or you have a ransomware that you can pay off and maybe quietly make it go away, I think there’s going to be an interesting dynamic in the amount that the market values paying off enterprise ransomware.’

Many consumers have recently been bombarded with what Security Boulevard, a security bloggers’ network, calls a ‘barrage of new terms and conditions’ from businesses, which are designed to gather and record individuals’ consent in regard to firms’ marketing emails and other communications. Criminals have been taking advantage of the sending of such emails to carry out scams by ‘catching internet users off guard’, according to a report published by Security Boulevard.

If a business finds itself victim of a ransomware attack, business owners should contact the National Cyber Security Centre (NCSC), which provides crisis support to affected firms.