#39 To pay or not to pay

This week, Arj and Jordan dive into the vexed question of whether companies should pay ransoms to cybercriminals.

The government's position is clear: do not pay. The reality on the ground for most companies is much more complex. Arj and Jordan step through these complexities and the competing imperatives organisations face when confronted with this difficult decision.

Important note: This is a complex topic and it's important to emphasise that in this discussion we aren't advocating one way or the other in relation to paying ransoms generally - merely illustrating how businesses faced with a ransom demand do have various and competing considerations.

Links:

Medibank breach round-up (Guardian) https://www.theguardian.com/australia-news/2022/nov/12/medibank-v-the-hackers-how-the-health-insurer-fell-to-a-mass-data-theft

National coordination mechanism invoked (IT News) https://www.itnews.com.au/news/gov-invokes-emergency-coordination-as-medibank-breach-worsens-586965

ACSC ransomware advice https://www.cyber.gov.au/ransomware

Ransomware action plan https://www.homeaffairs.gov.au/cyber-security-subsite/files/ransomware-action-plan.pdf

Labor call for National Ransomware Strategy https://timwatts.net.au/media/187357/beyond-the-blame-game-ransomware-discussion-paper.pdf

Panama Papers https://en.wikipedia.org/wiki/Panama_Papers

Credits:

Music by Bensound.com