UK NCSC and Insurance Associations Publish Guidance on the Approach to Ransom Payments

On May 14, 2024, the UK National Cyber Security Centre (“NCSC”) and three major UK insurance associations (the Association of British Insurers (“ABI”), the British Insurance Brokers’ Association (“BIBA”) and the International Underwriting Association (“IUA”)) published joint guidance on the approach to ransom payments (the “Guidance”). The Guidance was prepared for businesses experiencing a ransomware attack, with the aim of reducing the overall impact of the incident on the business. The Guidance is intended, among other things, to reduce the number of ransoms paid by ransomware victims in the UK, and the size of the ransoms paid in cases where victims do elect to pay.

The Guidance provides details on “things to consider” when experiencing a ransomware attack. These include, but are not limited to:

  • Consider alternatives to paying the ransom;
  • Record important elements of the incident including decision-making, actions taken and data captured;
  • Instruct and consult with experts;
  • Assess the impact of paying a ransom on the business, e.g., with regard to business operations and finances;
  • Consider the applicable legal and regulatory practices regarding payment; and
  • Report the incident to the relevant authorities where required by law.

Read the NCSC press release.

Read the Guidance.
