The UK government is unprepared for a major ransomware attack, with a high risk of such an attack happening “at any moment,” according to a report from the Joint Committee on National Security Strategy (JCNSS). The Parliamentary select committee’s report criticized the government for failing to treat ransomware as a serious threat and providing inadequate assistance to ransomware attack victims.
- The report identified many key public and private institutions that have been victims of ransomware attacks, including Manchester Police, Royal Mail, the British Library, and the Barts Health NHS Trust hospital group.
- JCNSS chair Dame Margaret Beckett said that while the UK is among the world’s most cyber-attacked nations, its investment in addressing cyber threats is far from “world-beating.”
- The report noted the Home Office’s lack of interest in ransomware and suggested transferring responsibility for it to the Cabinet Office, the National Cyber Security Centre, and the National Crime Agency.
- The JCNSS also recommended creating a central reporting mechanism for ransomware attacks and determining whether UK organizations should be required to report such attacks, along with increasing funding for the National Cyber Security Centre and the National Crime Agency to help deal with ransomware threats.
According to the report, the Home Office and former home secretary Suella Braverman showed “no interest” in ransomware, prioritizing issues like illegal migration instead. It suggests that the government’s lack of focus on this threat is resulting in ransomware being “relentlessly deprioritized.”
If the UK wants to avoid being constantly threatened by ransomware attacks, it must make this issue a higher political priority and allocate more resources towards tackling this threat, according to Beckett.