Which fee might be considered in calculating cyber extortion losses?

Negotiating fees with attackers is a crucial aspect to consider when calculating cyber extortion losses. When an organization faces a cyber extortion incident, such as a ransomware attack, it may engage in negotiations with the attackers to recover compromised data or systems. These negotiations often involve costs, which can include payments or fees to third-party negotiators who specialize in such situations. These specialized negotiators may assist organizations in determining a strategy, especially when legal and ethical considerations come into play.

In contrast, while hardware upgrades, contractor service fees, and software development costs can be relevant to an organization’s overall cybersecurity posture, they do not directly pertain to the immediate financial losses incurred due to a cyber extortion event. The focus on negotiating fees specifically addresses the costs directly linked to addressing the extortion demand, making it the most relevant factor in calculating those losses.