The Government’s new ransomware measures: what they mean for your business
- Carolyn Hughes
- Jul 28
- 3 min read
Updated: Jul 29
The Government has recently proposed a new set of measures focused on tackling ransomware and reducing cyber crime overall.
These measures, announced by Home Office Security Minister Dan Jarvis last week, are designed to help organisations respond more effectively to cyber threats while discouraging ransom payments.
The impact of cyber attacks on businesses
Cyber attacks have the potential to cause severe harm to businesses of all sizes, as well as essential public sector organisations. Disruptions can halt services or business operations and lead to significant financial losses, reputational damage and legal consequences.
The Government's Cyber Security Breaches Survey 2025 found that while the prevalence of cyber crime overall remained static, the prevalence of ransomware among businesses has significantly increased between 2024 and 2025. The estimated percentage of all businesses who experienced a ransomware crime in the last 12 months increased from less than 0.5% in 2024 to 1% in 2025, which equates to an estimated additional 19,000 businesses in 2025.
What is ransomware?
Ransomware is a type of malicious software (malware). Once criminals have gained unauthorised access to your IT systems, it encrypts your data and renders systems unusable, and the attackers then demand a ransom, often a substantial sum, in exchange for the means to decrypt it.
One of the most common ways criminals infiltrate business systems is through phishing attacks. These often take the form of emails that impersonate senior staff or trusted outside partners and ask recipients to click on malicious links or open harmful attachments. Opening such an attachment or link can install malware on an employee's device, giving the attackers an entry point into your IT systems.
It's important to note that paying a ransom does not guarantee the safe return of your data or the restoration of your systems. Ransomware attacks cost businesses and public bodies millions of pounds every year. A report by Sophos stated that the median ransom for the UK was £1.9m and 89% of ransoms were for more than £750,000.
What would the new Government proposals include?
Ban on ransom payments for public sector organisations
Hospitals, schools, local councils and other public bodies would be prohibited from paying ransoms to cyber criminals. This change is intended to make these high-value targets less attractive to cybercriminals.
Mandatory notification for all other businesses and organisations
Private sector businesses considering paying a ransom will have to notify the Government of their intent. Authorities will provide guidance and resources to help affected organisations respond effectively and will also advise if payments would breach laws, such as those involving sanctioned groups in Russia.
Development of mandatory reporting
Mandatory incident reporting processes are being developed. These will help investigators gather crucial evidence and disrupt further criminal activity.
How to prevent cyber attacks
Every organisation needs to prioritise cybersecurity and foster a culture of cyber awareness across the whole organisation.
Here are some practical steps to strengthen your defences:
Maintain regular backups
Regularly backing up business data dramatically improves your resilience. In the event of a ransomware attack, reliable backups mean you can restore your systems without paying a ransom. Because attackers routinely try to delete or encrypt any backups they can reach, keep at least one copy offline or otherwise out of reach of a compromised network, and test periodically that you can actually restore from it. We recommend getting in an IT professional to set up and monitor regular backups.
Phishing awareness training
Staff should be trained to recognise and report phishing attempts. Since employees are often the first line of defence, raising awareness of what phishing emails look like can help stop attacks before they start.
Enforce strong password security
Encourage everyone in your organisation to use unique, strong passwords and consider implementing a password manager. Robust password policies reduce the likelihood of unauthorised access, and turning on multi-factor authentication wherever it is offered means that a stolen password alone is not enough to log in.
Security updates
Ensure all business devices are kept up to date: turn on automatic updates where available and install patches promptly when prompted. Updates often fix bugs that cyber attackers can exploit to gain access.
The Government's Cyber Security Breaches Survey 2025 found that around half of businesses already had a policy that stated they would not pay ransoms during a cyber attack. It would be great to see more businesses adopt this policy formally.
The threat of ransomware continues to grow, but these new Government proposals are a vital step towards a more secure environment for businesses and organisations across the UK. By building resilience through staff training and secure practices, businesses and organisations can help protect themselves against cyber threats and respond confidently if an incident occurs.
Make sure your business is signed up for our free membership option - and also consider booking our low-cost training services for your employees.