The UK’s National Cyber Security Centre (NCSC), in collaboration with insurance industry bodies, has published guidance for organisations considering payment in ransomware incidents.
Aimed at minimising the overall impact of ransomware incidents, the timely resource was jointly developed by the NCSC and the Association of British Insurers, the British Insurance Brokers’ Association (BIBA), and the International Underwriting Association.
The goal is to reduce disruption and cost to businesses, the number of ransoms paid by ransomware victims, and the size of ransoms where victims choose to pay.
The guide lists the following key considerations:
Commenting on the initiative, BIBA said: “We support this cohesive approach by the insurance sector and Government to support cyberattack victims by following the good practice in the guide.
“A cyber ransom attack is one of any business’ greatest risks to their ability to trade regardless of size or sector. This Ransom Payment Guidance provides practical help to plan and respond in a crisis and importantly encourages firms to consider other approaches to responding to a cyberattack ahead of ransom payments in conjunction with any outsourced IT to ensure a joined-up response.
“For anyone, it may bring clarity to a very challenging situation or be a useful sense-check of a business’ response procedure. Many small businesses still don’t expect to be a victim of a cyberattack, but that’s not the case. Cybercriminals will assess not how valuable a business is but how vulnerable they are.”
The ransomware guide can be accessed here.