Cybersecurity and data privacy have been prioritised by financial institutions due to legislative requirements, an increase in security breaches, and in fulfilment of their obligations to their customers. Despite this, financial institutions are still considered worthy targets by hackers. This article argues that financial institutions should decline requests for voluntary compensation from grey hat hackers who breach security controls and report discovered vulnerabilities. Following an overview of the motives of different groups of hackers, this article relies on the moral duty of respect for persons, mainly following Kantian ethics, to support the argument against voluntary compensation. The article concludes with an overview of the reasons that compensation is not an appropriate response.

由于立法要求、安全漏洞的增加以及履行对客户的义务，金融机构已将网络安全和数据隐私放在首位。尽管如此，金融机构仍然被黑客视为有价值的目标。本文认为，金融机构应拒绝违反安全控制并报告发现的漏洞的灰帽黑客提出的自愿赔偿请求。在概述了不同黑客群体的动机之后，本文依靠尊重人的道德义务，主要遵循康德伦理，来支持反对自愿补偿的论点。文章最后概述了补偿不是适当回应的原因。