To ask Her Majesty's Government what assessment they have made of research by Emsisoft showing that the amount paid by British companies in ransom to cybercriminals in 2019 was over £200 million.
To ask Her Majesty's Government what meetings they have held with the insurance industry about the growth in cyber ransom attacks against British businesses; and what assessment they have made of the extent to which insurers are encouraging their clients to pay ransoms.
To ask Her Majesty's Government what assessment they have made of the extent to which British companies are paying ransoms to cyber criminals in order to regain access to their data; and what guidance they have made available to support businesses in such circumstances.
The Government continues to see a significant increase in the scale and severity of malicious cyber activity globally. This is why the National Cyber Security Strategy 2016-2021 is supported by £1.9billion of transformational investment. Part of GCHQ, the National Cyber Security Centre (NCSC), is at the heart of this strategy. The Centre provides a single, central body for cyber security at a national level, and has helped over a million organisations become more secure.
Ransomware attacks are increasingly common globally, the Government continues to provide support to British businesses and organisations to try to mitigate the threat. The NCSC continually reviews its advice and guidance to reflect new trends and how companies can protect themselves, as well as providing swift support to organisations which fall victim to ransomware. Additionally, the National Crime Agency’s National Cyber Crime Unit (NCCU) provides the focus for our national response to combating serious cyber criminals. It is using its increased operational resources to deliver arrests and disruption, using the NCA’s enhanced intelligence picture to target criminals where they are most vulnerable. Our priority working alongside the police and the National Cyber Security Centre (NCSC) is to do all we can to mitigate any harm to the UK.
The legal decision of whether or not to pay the ransom is ultimately a matter for the individuals or organisations concerned. We encourage victims of ransom demands to contact the authorities for support. Organisations are increasingly being targeted by ransomware attacks rather than individuals; this is because criminals can demand more money, and victims are more likely to pay due to reputational damage and desire to maintain the viability of their business for the future.
Information Commissioner’s Office (ICO) statistics indicate that in the last financial year for 2019/20 there were 160 recorded ransomware-related breaches, accounting for 6.8% of all cyber-related breaches. The Government currently does not hold any official data on the total cost of ransomware demands.