Hackney Council’s cyber attack update is more interesting for what it doesn’t say than what it does

There’s a dynamic tension between the need to disclose what’s happened, especially if personal information has been compromised which brings regulatory pressure, and the desire to put the fires out and investigate thoroughly before disclosure. Let’s see how this one plays out…:

[…] If I was heading up an organisation that had suffered a cyber attack and I had been hit by ransomware, I can see a scenario whereby I may not want the attack to become public knowledge. If, for instance, the extortionists had made threats that they would cause even bigger problems if I went to the authorities to investigate.


Original article here