Question to the Home Office:

To ask the Secretary of State for the Home Department, whether he has made an assessment of the potential merits of introducing a ban on public sector bodies paying a ransom to criminal groups in exchange for decryption.

Cyber crime is a significant threat to the security and prosperity of the UK. The most recent Crime Survey for England and Wales (CSEW) estimated that there were 984,000 ‘computer misuse’ offences against individuals in England and Wales in the year ending December 2023. The Government recognises ransomware as the most significant national security cyber threat.

The National Cyber Security Centre (NCSC) discourages paying ransoms, noting that such payments rarely ensure data recovery. The UK Government neither pays ransoms nor condones the payment of ransoms to criminals, always advising against such substantial concessions to hostage-takers or extortionists.

At the Counter Ransomware Initiative (CRI) summit in Washington last year, we led a joint statement signed by 46 countries and Interpol, which pledged that “relevant institutions under the authority of our national government” should not be used to pay a ransomware demand. This was the first international statement of its kind. Our joint statement was a major milestone in achieving international consensus around the non-payment of ransoms.