However, he added, “policies that penalize victims will inadvertently lead to underreporting of incidents, driving payments underground, and hindering intelligence gathering and law enforcement efforts. It’s also a punitive measure on victims already suffering financial loss.”
Robin Brattel, CEO of Lab 1, a data intelligence vendor, argued that there is also the issue of group compliance. The ban may ultimately work, but only if just about everyone cooperates.
“Some threat actors will test the model to see if it holds. Once one organization gives in, others may follow. The challenge is for everyone to stay unified. If that happens, there’s a chance that money-hungry threat actors will stop focusing on these victims,” Brattel said. “However, hackers and state actors won’t disappear. Initially, we could see an uptick in attacks, but there’s a chance that they may subside over time.
