Providing Clarity In the Wake of U.S. v. Joseph Sullivan: Paying A Ransom To Cyber Intruders Is Not Per Se Illegal, But Corporate Social Responsibility Must Account for CISO Behavior
A CISO’s responsibility is to be transparent with General Counsel and the C-suite regarding facts relevant to data breaches, including whether any ransom has been paid.