National Cyber Security Centre

Lord Harris of Haringey Excerpts
Monday 16th October 2023

Lords Chamber
Lord Ahmad of Wimbledon (Con)

My Lords, my noble friend raises a couple of important points. First, on ransom demands, as she will be aware, it is the firm position of the Government and UK law enforcement that we do not encourage, endorse or indeed condone the payment of ransom demands. For example, if you pay a ransom after your computer has been affected or your systems have been impacted, there is no guarantee that you will not be targeted in the future by criminal groups. In that regard, Lindy Cameron, the CEO of the NCSC, and the Information Commissioner have written to the Law Society and the Bar Council.

However, the Government offer specific support, including to small businesses. There are the 10 Steps to Cyber Security and the Small Business Guide; there is also a ransomware portal that provides fresh advice, as well as the NCSC’s assured cyber incident response scheme. It is ever evolving, but the Government are very robust, and we are working across departments to ensure that we give the best information and response possible.

Lord Harris of Haringey (Lab)

My Lords, of course, I refer to my interests in the register. I suspect that the excellent schemes that the Minister has outlined are very useful but that they do not address the question that the noble Baroness, Lady McIntosh, asked. If a company or organisation is subjected to a ransomware attack, can it get tailored help as to what to do in real time from the NCSC, and how do people know how to access that?

Lord Ahmad of Wimbledon (Con)

My Lords, if the noble Lord reflects on the answer that I gave, he will see that I answered the question quite directly. The first point is, “Don’t pay”, because the experience is that there is no assurance. Of course, a small company will have limited resources, and some of the portals, information and websites, as well as the response that I have outlined, are designed to help exactly those kinds of small businesses in their response. However, one thing is very clear, whether it is within my department or the Home Office: that by paying such demands there is no assurance, for a small or a large company, that a ransom attack will not happen again.