Thursday, September 23 2021

The European Council extended a framework that penalizes cyber-attacks against EU or member countries for another year. The framework, part of the EU cyber diplomacy toolbox, aims to strengthen Europe’s resilience against cyber threats.

The measures include travel restrictions and freezing assets of individuals or entities responsible for facilitation of cyberattacks. The sanctions currently apply to Russian, Chinese, and North Korean individuals and entities, although the framework is important for all organizations because parties beyond the cyber attackers can be penalized.

In a recent blog post, Steptoe & Johnson LLP warned companies facing ransomware payment requests to consider the framework. Despite attribution challenges, “payment to listed persons amount to a violation of sanctions regime.” Financial institutions and insurance companies are similarly affected by facilitating payments or providing cyber coverage that includes ransom payments.

Indeed, in the start of what could be a trend, global insurer AXA said earlier this month that it would no longer issue cyber-insurance policies in France that reimburse customers for ransomware payments to criminal groups.

The EU framework is part of a regulatory trend towards increased scrutiny of ransomware payments. The Biden administration’s Executive Order “sets the stage for an uptick in similar actions” in the US, said Alex Sharpe, principal at Sharpe Management Consulting.

While certainly “a step in the right direction,” the Executive Order does not go far enough, according to XPAN Law Partners managing partner Rebecca L. Rakoski. US domestic organizations face a “patchwork of guidelines and standards without clear guidance” from the Federal Government, she stated.

Considering the current lack of clear, substantial legislative and regulatory frameworks, legal ambiguities, and competing interests, the world finds itself at a crossroads. Until fundamental changes are made to legislative and regulatory frameworks, we remain at an “uncomfortable time,” said Sharpe.

Previous

US Infrastructure Plan Includes Billions for Cybersecurity Improvements

Next

Third-Party Cloud Service Misuse Exposes Over 100M Users’ Data

Check Also

Widget

Don’t Miss

Cyber Deal Update: Upstream Security, Hunters, build.security

Khushi Arora

Upstream Security and Hunters complete Series C and Series A funding rounds, respectively. Elastic NV acquires build.security. Funding Upstream Security, an Israeli provider of automotive cybersecurity and a data analytics platform for connected vehicles, has closed a $62 million Series C funding round led by Mitsui Sumitomo Insurance, along with new investors I.D.I. Insurance, NextGen […]

Cyber Deal Update: Loop Secure, Intelligent Automation, Blumira

Khushi Arora

Tesserent acquires Loop Secure to complement its own services, and BlueHalo merges with Intelligent Automation. Blumira completes a Series A funding round. Mergers and Acquisitions Tesserent, an Australian network security company, has announced its intent to acquire Loop Secure, a provider of managed security services, governance risk and compliance, and offensive security services also based […]

Cyber Deal Update: FHIRBlocks, InfoSum

Khushi Arora

Healthcare cybersecurity company ConsenSys Health acquires FHIRBlocks. InfoSum and Monte Carlo close a Series B and Series C funding round, respectively. Mergers and Acquisitions Otava, a Michigan-headquartered cloud solutions provider, has announced its acquisition of NewCloud Networks, a Colorado-based cloud computing services provider. The acquisition provides Otava a product portfolio that includes security services, cloud […]

Cyber Deal Update: Carve Systems, Baffle, Certik

Khushi Arora

iVision acquires Carve Systems, Baffle closes a Series B funding round, and CertiK closes adds to its Series B funding round announced last month. Mergers and Acquisitions iVision, a Georgia-based provider of IT infrastructure and application solutions, has acquired Carve Systems, a New York-based cybersecurity company that provides security testing, security engineering, and security strategy […]

Cyber Executive Moves: Aegon Asset Management, Tego Cyber

Khushi Arora

Aegon Asset Management hires former COO of MN and Tego Cyber gains a new CISO. Aegon Asset Management, based in The Netherlands, has appointed Nicole Grootveld-Sandig as its chief technology officer. Grootveld-Sandig joins Aegon from the Dutch specialist pensions management company MN NV. Tego Cyber, a Nevada-based developer of cyber threat intelligence solutions, has hired […]

Cyber Deal Update: Appriss Insights, Espagon

Khushi Arora

Equifast acquires data analytics company Appriss Insights, while Cisco acquires observability provider Espagon. Mergers and Acquisitions Equifax, an Atlanta-based global data, analytics and technology company, has announced its acquisition of Appriss Insights, a Kentucky-based information technology company providing customized solutions to enhance security and financial processes for businesses, for $1.825 billion. “We are extending the […]