75% of UK business leaders are willing to risk criminal penalties to pay ransoms
A ransom payment ban is a great idea - until you're the one being targeted...
UK business leaders are overwhelmingly in favor of a ban on ransomware payments in the private sector - but would break such a ban themselves if they thought it was necessary.
The government is proposing a ban on the payment of ransoms by public sector bodies and operators of critical national infrastructure, including the NHS, local councils, and schools.
For the time being, the ban doesn’t extend to private firms. However, analysis from Commvault found that 96% of UK business leaders believe payments should be banned across both the public and private sectors.
In the event of a ban being imposed on private sector firms, three-quarters (75%) admitted they would still pay a ransom themselves if it were the only way to save their organization, regardless of whether civil or criminal penalties applied.
“Paying a ransom rarely guarantees recovery and often increases the likelihood of being targeted again,” said Darren Thomson, field CTO EMEAI at Commvault.
“A well-enforced ban could help take the profit out of ransomware, but it must be matched by greater investment in prevention, detection, and recovery-testing. Without that, more organizations could find themselves exposed at the worst possible moment, with no viable path to recovery.”
The survey found that 94% of business leaders support limiting ransom payments for public bodies, and 99% for private organizations.
However, in real-world situations within the private sector, only 10% said they would actually comply with any ban if they were attacked. A further 15% said they'd be neither likely nor unlikely to comply.
Of those who supported a proposed payment ban, 34% reckoned it would lead to increased government support and intervention to help build up cyber resilience.
Another third thought it would bring down the number of attacks by reducing the incentive for attackers.
Ransom payment bans are a tightrope for private firms
While the government's proposals so far only ban the payment of ransoms by public sector bodies and operators of critical national infrastructure, they do place certain constraints on private firms.
Businesses would be required to notify the government of any intent to pay a ransom - which would then tell them whether or not they'd be breaking the law by sending money to sanctioned cyber criminal groups, many of which are based in Russia.
“Ransomware and cyber attacks will be a concern for a long time, as international cyber gangs make huge profits from them and use these resources to continually develop their attack tools," says Jane Frankland, CEO of security training firm Knewstart.
Make sure to follow ITPro on Google News to keep tabs on all our latest news, analysis, and reviews.
MORE FROM ITPRO
- The ransomware groups worrying security researchers in 2025
- Nearly half of MSPs admit to having a ransomware kitty
- Ransomware victims are getting better at haggling with hackers
-
Tomorrow's fraud techniquesITPro Podcast Leaders need to proactive as attackers launch more consistent, sophisticated attacks
-
Met Office hails huge efficiency gains in first year of cloud supercomputing with Microsoft AzureNews In moving to the cloud, the Met Office has bolstered operational resilience and helped to deliver more accurate forecasts
-
The rise of teen hackers ‘makes for a good headline’, but cyber crime activities peak later in lifeNews With family responsibilities and mortgages to pay, it's not teenagers dishing out malware or carrying out cyber extortion
-
Using AI to generate passwords is a terrible idea, experts warnNews Researchers have warned the use of AI-generated passwords puts users and businesses at risk
-
Researchers called on LastPass, Dashlane, and Bitwarden to up defenses after severe flaws put 60 million users at risk – here’s how each company respondedNews Analysts at ETH Zurich called for cryptographic standard improvements after a host of password managers were found lacking
-
‘They are able to move fast now’: AI is expanding attack surfaces – and hackers are looking to reap the same rewards as enterprises with the technologyNews Potent new malware strains, faster attack times, and the rise of shadow AI are causing havoc
-
Ransomware gangs are using employee monitoring software as a springboard for cyber attacksNews Two attempted attacks aimed to exploit Net Monitor for Employees Professional and SimpleHelp
-
Ransomware gangs are sharing virtual machines to wage cyber attacks on the cheap – but it could be their undoingNews Thousands of attacker servers all had the same autogenerated Windows hostnames, according to Sophos
-
Google issues warning over ShinyHunters-branded vishing campaignsNews Related groups are stealing data through voice phishing and fake credential harvesting websites
-
Notepad++ hackers remained undetected and pushed malicious updates for six months – here’s who’s responsible, how they did it, and how to check if you’ve been affectedNews Hackers remained undetected for months and distributed malicious updates to Notepad++ users after breaching the text editor software – here's how to check if you've been affected.
