Financial institutions should decline hackers’ requests for voluntary compensation

Abstract

Cybersecurity and data privacy have been prioritised by financial institutions due to legislative requirements, an increase in security breaches, and in fulfilment of their obligations to their customers. Despite this, financial institutions are still considered worthy targets by hackers. This article argues that financial institutions should decline requests for voluntary compensation from grey hat hackers who breach security controls and report discovered vulnerabilities. Following an overview of the motives of different groups of hackers, this article relies on the moral duty of respect for persons, mainly following Kantian ethics, to support the argument against voluntary compensation. The article concludes with an overview of the reasons that compensation is not an appropriate response.