May 14, 2024 at 12:20PM
The UK’s National Cyber Security Centre (NCSC) collaborated with insurance associations to release a guidance book aimed at preventing organizations from quickly paying ransomware demands. The book provides recommendations and advises against paying ransoms, because payment reinforces cybercriminals’ activities. This initiative is viewed as a temporary solution while discussions about a permanent ban on ransom payments continue.
The UK’s National Cyber Security Centre (NCSC) has partnered with insurance associations in an effort to reduce ransom payments to cybercriminals. The partnership has led to the release of a new guidance book aimed at preventing organizations from impulsively responding to ransomware incidents. The coalition, which includes the NCSC, the Association of British Insurers (ABI), the British Insurance Brokers’ Association (BIBA), and the International Underwriting Association (IUA), hopes to provide valuable advice to organizations dealing with such high-stress situations. The guidance book emphasizes the importance of not paying ransoms and offers recommendations such as consulting experts, involving the right people within the organization, investigating the root cause, and avoiding panic.
The NCSC does not encourage or endorse paying ransoms, emphasizing that doing so only signals to criminals that their attacks are effective. The partnership between the NCSC and the insurance sector is seen as a critical step in thwarting the ransomware business model. While an outright legal ban on ransom payments is being discussed at the highest levels of government, the guidance book is viewed as a temporary solution until a more permanent one is established. Despite widespread advice on handling ransomware, many organizations still underestimate the risk of being targeted and adopt a mindset of “it will never happen to me.”
Insurance associations, such as the ABI, already have online tools that provide advice similar to that in the guidance book. The coalition’s collaborative guidance is seen as a positive step in addressing cybercrime across the UK. Experts stress that giving in to ransom demands only encourages cybercriminals to expand their activities. The overall sentiment from the NCSC, insurers, and experts is that any measures undermining the ransomware business model are a step in the right direction.