Comment & Analysis: Govt Ransom Ban Will Prompt Rethink on Policy Wording

Public sector bodies and operators of critical national infrastructure, including the NHS, local councils and schools, would be banned from paying ransom demands to criminals under the measures. Under the proposals, businesses not covered by the ban would be required to notify the government of any intent to pay a ransom. Here are some comments from Intersys:

Matthew Geyman, Managing Director, Intersys, said: “Ransomware is probably the most serious organised cybercrime threat likely to impact an organisation. Following public consultation, the UK government’s proposal to ban ransom payments by public sector bodies – and mandate reporting – is a defining moment in the fight against this fraudulent scourge, and begins to define a more rigorous approach to an escalating systemic problem.

It also places fresh scrutiny on how the insurance sector approaches cyber risk. As attackers – often serious organised crime – shift focus to the private sector, insurers must reassess underwriting strategies to ensure organisations demonstrate robust cyber hygiene before cover is issued.

This reassessment is vital given the evolving threat landscape: ransomware software can now be purchased and deployed by threat actors with little to no programming knowledge, lowering the barrier to entry and increasing the frequency of attacks. Critically, there is no guarantee that paying a ransom will successfully unencrypt data. The decryption tools may not work as intended, and once the ransom has been paid, the attackers have no real incentive to offer assistance.

This isn’t just about setting premiums – it’s about avoiding policy wordings or claims processes that could inadvertently facilitate ransom payments or be seen to endorse them. Clear boundaries are now essential. With tougher legislation on the horizon, insurers must double down on resilience-based underwriting and ensure clients are equipped to recover quickly and lawfully from an attack. The same principle applies internally: insurers must also strengthen their own cyber defences, as the risk of becoming a ransomware target is just as real for them as for their policyholders.”

About Alastair Walker
20 years' experience as a journalist and magazine editor. I'm your contact for press releases, events, news and commercial opportunities at Insurance-Edge.Net
