👾 Ransomware is the most acute cyber threat for most businesses in the UK, and the impact of an attack can have far-reaching effects across an organisation.
The Government has proposed banning public sector and critical infrastructure organisations from making ransomware payments.
There is also a proposal for the creation of a mandatory reporting regime for ransomware incidents. This is intended to boost available intelligence on ransomware attacks for law enforcement agencies.
The main objectives of the proposed legislation are:
🛡️ to reduce the amount of money flowing to ransomware criminals from the UK.
🛡️ to increase the ability of operational agencies to disrupt and investigate ransomware actors by increasing the UK's intelligence around the ransomware payment landscape.
🛡️ to enhance the government's understanding of the threats in this area to inform future interventions, including through cooperation at international level.
The service will help increase the National Crime Agency (NCA)'s awareness of live attacks and criminal ransom demands.
Further information about the consultation can be found at 👉 Ransomware: proposals to increase incident reporting and reduce payments to criminals
The NCSC published a report at the end of 2024 stating that cyberattacks are becoming more frequent and severe. The NCSC report can be viewed at 👉 NCSC Risk Facing UK Widely Underestimated. Richard Horne, CEO of the NCSC, stated:
“There is no room for complacency about the severity of state-led threats or the volume of the threat posed by cyber criminals. The defence and resilience of critical infrastructure, supply chains, the public sector and our wider economy must improve.”

If you're worried about your cyber resilience and you are a school or college, consider how the DfE Digital Standards can help with this. Start by assigning your SLT Digital Lead and reviewing the Digital Leadership & Governance Standards. Small businesses can also view our Cyber Security Best Practice Area.
🚫 Generally speaking, victims are always advised not to pay ransoms as there is never a guarantee that a decryption code will be received or that the data will be received even if it is decrypted.
🔍 Remember that reporting an incident, however small it may seem, might just be the last piece of the puzzle that's needed for gathering evidence against a threat actor. Do you know how to report cyber incidents?
What to do in the event of a Cyber Attack
Incidents or attacks where any security breaches may have taken place, or other damage was caused, should be reported to an external body.
The SLT digital lead will be responsible for assigning someone to report any suspicious cyber incidents or attacks. This person will need to report this to:
- Action Fraud on 0300 123 2040, or the Action Fraud website
- the DfE sector cyber team at
You may also need to report to:
- the NCSC website if the incident or attack causes long term school closure, the closure of more than one school, or serious financial damage
- the ICO website within 72 hours, where a high risk data breach has or may have occurred
- your cyber insurance provider (if you have one), such as the risk protection arrangement (RPA)
- Jisc, if you are a part of a further education institution
You must act in accordance with:
- Action Fraud guidance for reporting fraud and cyber crime
- Academy Trust Handbook Part 6, if you are part of an academy trust
- ICO requirements for reporting personal data breaches
Police investigations may find out if any compromised data has been published or sold and identify the perpetrator.
Preserving evidence is as important as recovering from the crime.
Forward suspicious emails to