NCC Group calls for a broader resilience strategy to tackle the growing threat of ransomware following the outcome of the UK Government’s ransomware consultation.
In response to a recent consultation, the UK Home Office has today (Tuesday 22nd July) reaffirmed its intention to:
- Ban public sector bodies and operators of critical national infrastructure from paying ransomware demands
- Require all other UK organisations to notify the government of any intent to pay a ransomware demand
- Mandate the reporting of ransomware incidents
The consultation outcome acknowledges the complexity of these proposals and commits to further engagement with industry to address potential unintended consequences and implementation challenges.
Tim Rawlins, Senior Adviser at NCC Group, comments:
“We support the Government’s determination to disrupt the ransomware threat. However, as the consultation rightly highlights, this is not a straightforward issue.
“A payment ban for public sector and critical infrastructure organisations could unintentionally shift the threat toward smaller, less resilient organisations, or potentially drive payments underground.
“The proposed payment authorisation scheme must reflect the realities of cyber incident response and provide appropriate and timely support for victims.
“Enhanced reporting will help build a clearer picture of the threat landscape, but any new requirements must align with existing frameworks and processes to avoid adding confusion to an already complex regulatory environment.
“Further work is needed to model the impact of the proposals, design future-proof solutions, and develop a broader resilience strategy that supports prevention, recovery, and intelligence sharing across the economy.”
NCC Group is committed to working with the Home Office and the legislative process to help disrupt the criminal ransomware ecosystem and support our clients globally to become more resilient.