A Hostage to Fortune: Ransomware and UK National Security


While ransomware is not a new cyber security risk, the sophistication of ransomware attacks has increased over time, making them a significant and persistent threat, commanding attention from the highest levels of government around the world. In 2023, it was reported that ransomware affected 66% of organisations globally, and the average ransom was $1.54 million – almost double the 2022 figure of $812,380. These attacks extend beyond targeting individual entities, impacting entire supply chains, and causing more extensive damage on a broader scale, prompting Governments worldwide to bolster their defences.

The House of Commons Joint Committee on the National Security Strategy recently conducted an in-depth analysis of the ransomware threat, culminating in a set of recommendations for the UK government. In this blog, we explore the key findings of the committee’s report, shedding light on the subsequent recommendations that aim to fortify the nation’s cyber-resilience.

Establishing a Cross-Sector Regulator:

One of the pivotal recommendations put forth by the committee is the establishment of a cross-sector regulator for the cyber-resilience of critical national infrastructure (CNI). Recognising the interconnectedness of various sectors such as energy, healthcare, and finance, the committee emphasises the need for a unified approach to safeguarding critical assets. A cross-sector regulator would facilitate coordination, information sharing, and the enforcement of robust cyber security standards across industries.

Funding for Local Cyber-Resilience Programs:

Local authorities play a crucial role in the overall cyber-resilience of a nation. The committee highlights the importance of empowering these entities to combat cyber threats effectively. To achieve this, the National Cyber Security Centre (NCSC) is recommended to receive additional funding to establish a cyber-resilience program tailored for local authorities. This initiative aims to enhance the capabilities of local governments in preventing, detecting, and responding to cyber attacks, ultimately safeguarding the interests of communities.

Reinsurance Scheme in Collaboration with the Insurance Industry:

In a bid to mitigate the financial impact of major cyber attacks, the committee proposes collaboration with the insurance industry to establish a reinsurance scheme. Such a scheme would provide a safety net for organisations affected by substantial cyber incidents, helping them recover and rebuild. By sharing the risk with the insurance sector, the government aims to create a more resilient environment where businesses can operate confidently, knowing that support is available in the aftermath of a cyber attack.

Urgent Reforms to the Computer Misuse Act:

Recognising the dynamic nature of cyber threats, the committee advocates for urgent reforms to the Computer Misuse Act. The Act, which currently governs offences related to unauthorised access to computer systems, needs to be updated to address the evolving tactics of cybercriminals. Strengthening legal frameworks is crucial to ensuring that law enforcement agencies have the necessary tools to prosecute those engaged in ransomware attacks effectively.

Transfer of Responsibility to the Cabinet Office:

To streamline efforts in combating ransomware, the committee recommends the transfer of responsibility from the Home Office to the Cabinet Office. This strategic move is intended to centralise coordination, strategy development, and implementation of cyber security measures. The Cabinet Office’s overarching role would foster a more cohesive and comprehensive approach to addressing the ransomware threat, aligning with the broader national security strategy.


The government is obligated to respond to the House of Commons Joint Committee’s report within two months. The recommendations set forth by the committee underscore the urgency of fortifying the nation’s cyber security posture. As the government evaluates and responds to these proposals, it is expected that a collaborative and multifaceted approach will be adopted to tackle the complex challenges posed by ransomware. Strengthening cyber security is not only a matter of national security but also crucial for safeguarding the economic and social fabric of the nation.

Paul cragg

Written by Paul Cragg
Paul Cragg is CTO at norm. where he is responsible for the overall technological and systems functions of the business. He also oversees the deployment of norm.‘s services as well as developing key commercial relationships. Paul plays a pivotal role in the ongoing development of cyber security and data protection services which deliver transparency and tangible value to norm.‘s growing client base.