Cybercriminals are nothing if not resourceful. We’ve seen extortion tactics become increasingly popular, most notably in the huge uptick in ransomware over the past few years — whereby the victim is forced to pay up or else lose access to their files forever. It’s entirely possible that the black hats might attack an organisation and steal customer data or plant malware with the aim of first extorting money from the targeted company.
Although it’s still unclear exactly what fines regulators are prepared to levy for specific types of attack, the hacker could estimate the likely penalty and then demand a ransom less than that amount. Some CEOs might opt to pay-up, Uber-style, in order to keep the incident quiet. If they refuse, the attackers could go to plan B and sell the stolen data online.