Leading cyber security researchers, F-Secure, have predicted a significant rise in the ransom demanded for stolen or encrypted data following the General Data Protection Regulation (GDPR) compliance deadline in May 2018. The sums demanded as GDPR cyber ransom could potentially be in the order of telephone numbers.
In the past, cyber attackers have often been unaware of how much stolen data is worth to organisations. However, the implementation of GDPR means that organisations can be fined up to 4% of their global annual turnover or €20m, whichever is greater, if they are found to have had a data breach. These fines effectively provide cyber criminals with a price point: criminals can now work out how much data is worth to an organisation and demand a far higher GDPR cyber ransom.
GDPR Cyber Ransom:
As a result, hackers are likely to understand that companies will be willing to pay almost anything less than such fines to keep the data breach quiet, both to avoid the heavy fines and to keep their reputation intact. Currently, criminals typically demand only thousands of pounds as a ransom for stolen data. This is predicted to increase to tens of thousands, hundreds of thousands, or even millions of pounds, depending on the organisation.
GDPR as a business opportunity:
With just over six months to go before the compliance deadline, companies are being urged to get their data in order. This is not only because of the potential fines, but also because GDPR can be seen as a business opportunity.
Many organisations have focused on the fines associated with GDPR. In reality, GDPR is an expansion of the ability to manage the use of data. This regulation aims to level the playing field between the public and the private sector, in order to facilitate the exchange of data. In addition, GDPR enables companies to understand the data that they have, how best to secure it, and how to manage it effectively in order to identify potential business opportunities.
GDPR will essentially work to create a global standard for data protection. This provides European businesses with the opportunity to produce goods and services worldwide that adhere to this standard. In turn, this generates trust between organisations and customers, which is essential for online business.