On 22nd July 2025, the UK Government announced a significant legislative proposal aimed at reducing the incentive for ransomware attacks. Under the proposed law, public sector bodies and operators of Critical National Infrastructure (CNI) — including schools, local councils, the NHS, utilities, and data centres — would be prohibited from paying ransoms to cybercriminals.
The intention behind this move is to make these organisations less attractive targets for financially motivated threat actors. By clearly signalling that ransom payments are not an option, the Government hopes to deter attacks on the public sector altogether.
While the ban would apply only to public sector and CNI organisations, private companies would still be permitted to consider paying ransoms — but with a new requirement: they must notify the UK Government of any intention to make such a payment. This step would allow the Government to offer guidance, and to assess and advise on whether the payment could breach existing laws, such as sanctions regulations.
The implementation timeline for this proposal has not yet been confirmed. However, the announcement follows a public consultation in which nearly 75% of respondents supported the measure.
At Prism Infosec, we support efforts to reduce the impact of ransomware and limit the profitability of these attacks. However, we recognise that the proposed legislation could have unintended consequences. Organisations may still be tempted to pay ransoms covertly, particularly if they feel they have no other viable recovery options. This approach carries serious risks — including legal, reputational, and operational consequences — especially if payments are made in breach of sanctions or reporting requirements. Furthermore, the proposal notes that penalties for breaching the legislation are also being considered.
As always, we strongly encourage all organisations to prioritise robust cyber security measures, incident response planning, and open communication with authorities in the event of an attack.
Further details on the Government’s proposal can be found here: https://www.gov.uk/government/consultations/ransomware-proposals-to-increase-incident-reporting-and-reduce-payments-to-criminals