Where business-critical information or platforms are at stake, many commercial parties will seriously consider immediately paying the ransom hoping to regain control of operations, secure client data and avoid continued business disruption and negative publicity. However, businesses may wish to pause. Cyberattacks, by their very nature, know no borders and nor therefore should a private fund’s response.
In the first of this two-part series for Cybersecurity Law Report, Proskauer outlines immediate incident response steps and analyses whether to pay a ransom, from U.S., U.K. and E.U. perspectives.