Getting your Trinity Audio player ready...
|
London, UK – July 22, 2025
The UK Government has published its official response to public feedback on its ransomware consultation, outlining next steps for potential legislative reforms aimed at curbing the impact of ransomware attacks. The consultation focused on three key proposals, each designed to enhance national cybersecurity resilience.
1. Targeted Ban on Ransomware Payments
The first proposal recommends a ban on ransomware payments by public sector bodies—including schools, local councils, and the NHS—as well as private entities operating critical national infrastructure. This measure received strong support, with 72% of respondents in favour.
2. Ransomware Payment Prevention Regime
The second proposal suggests a regime requiring private companies to notify authorities before making any ransomware payments. The government would then have the authority to advise, discourage, or block such payments. Feedback was mixed, with concerns about uneven application across sectors and the potential for attackers to shift focus to less regulated industries. Respondents generally favoured an economy-wide approach.
3. Mandatory Incident Reporting
The third proposal calls for a mandatory ransomware incident reporting regime. While broadly supported, stakeholders noted that reporting thresholds and mechanisms require further clarification. Concerns were raised about the potential risks of public disclosure, which could undermine the effectiveness of ransom payments and expose reporting entities to further threats.
The government emphasized that these proposals represent a shift from advisory guidance to enforceable legislation. It also acknowledged the need for proportionate penalties to avoid further victimizing organizations already impacted by ransomware.
Industry observers note that any regulatory changes could have significant implications for cyber insurance policies, particularly those covering ransom payments. The government confirmed its intention to continue refining all three proposals in consultation with stakeholders.
Source: dechert.com