National Cyber Security Centre (NCSC) and insurance associations issue guidance on ransom payments relating to ransomware

The NCSC has issued joint guidance with three major insurance industry associations. The aim of the guidance is to “improve market wide ransomware discipline”.

The guidance gives an overview of things to consider when faced with a ransom request:

  • Don’t panic – the ransomware actors will try to exert pressure to make you act quickly but ensure your decision making is considered and deliberate.
  • Review the alternatives – are there ways to recover the data without paying?
  • Record decision making – this can help with post incident reviews and dealing with regulators.
  • Where possible, consult experts – get the right people to help you deal with the situation.
  • Involve the right people in decision making – this may include senior individuals and technical staff.
  • Assess the impact – on your business operations, finances and on personal data.
  • Investigate the root cause – this will help to prevent future incidents.
  • Remember that payment doesn’t guarantee you will get your data back.
  • Review legal and regulatory considerations – is the payment lawful?
  • Remember that the ICO does not consider ransom payment to be an act of mitigation.
  • Report the incident to the UK authorities – The UK Government’s incident signposting service can help with this.

The full guidance can be found here.


Don't just take our word for it