An administrative sanction is a penalty imposed by a regulator when an organization or person breaches legal or regulatory obligations. In cyber security, these penalties often follow failures such as poor data protection, weak incident reporting, missing audit records, or noncompliance with telecom, privacy, or critical-infrastructure rules.
Administrative sanctions matter because they turn security and compliance controls into enforceable obligations, not just best practices. Regulators may review logs, approvals, retention policies, and incident response records to decide whether controls were actually followed. For defenders, this means evidence preservation is part of security: accurate documentation can support a company’s explanation, reduce exposure, and show that technical and organizational measures were in place. For attackers, sanctions can create indirect pressure by forcing victims and service providers to harden systems, improve reporting, and keep better records of what happened.