NCSC releases ransomware guidance

Resource developed in collaboration with ABI, BIBA, IUA

NCSC releases ransomware guidance


By Terry Gangcuangco

The UK’s National Cyber Security Centre (NCSC), in collaboration with insurance industry bodies, has published guidance for organisations considering payment in ransomware incidents.

Aimed at minimising the overall impact of ransomware incidents, the timely resource was jointly developed by the NCSC and the Association of British Insurers, the British Insurance Brokers’ Association (BIBA), and the International Underwriting Association.

The goal is to reduce disruption and cost to businesses, the number of ransoms paid by ransomware victims, and the size of ransoms where victims choose to pay.

The guide lists the following key considerations:

  • Don’t panic.
  • Review alternatives, including not paying.
  • Record your decision-making.
  • Where possible, consult experts.
  • Involve the right people across the organisation in decisions, including technical staff.
  • Assess the impact.
  • Investigate the root cause of the incident to avoid a repeat attack.
  • Be aware that payment does not guarantee access to your devices or data.
  • Consider the correct legal and regulatory practice around payment.
  • Know that paying a ransom does not fulfil your regulatory obligations.
  • Report the incident to UK authorities.  

Commenting on the initiative, BIBA said: “We support this cohesive approach by the insurance sector and Government to support cyberattack victims by following the good practice in the guide.

“A cyber ransom attack is one of any business’ greatest risk to their ability to trade regardless of size or sector. This Ransom Payment Guidance provides practical help to plan and respond in a crisis and importantly encourages firms to consider other approaches to responding to a cyberattack ahead of ransom payments in conjunction with any outsourced IT to ensure a joined-up response.

“For anyone, it may bring clarity to a very challenging situation or be a useful sense-check of a business’ response procedure. Many small businesses still don’t expect to be a victim of a cyberattack, but that’s not the case. Cybercriminals will assess not how valuable a business is but how vulnerable they are.”

The ransomware guide can be accessed here.

What do you think about this story? Share your thoughts in the comments below.

Related Stories

Keep up with the latest news and events

Join our mailing list, it’s free!