UK companies worry stigma of ransomware
Worry of stigmatisation is probably going main companies throughout the UK to drastically underreport knowledge on ransomware assaults, particularly after they have paid a ransom to a cyber felony gang, as admission of such is commonly seen as supporting additional felony exercise or defying compliance laws.
Knowledge gleaned from the nationwide Report Fraud service – which is run by the Metropolis of London Police – reveals that 323 organisations within the UK reported a ransomware assault to it between April 2025 and March 2026.
Out of those, 175, over 50% of the whole, associated to small and medium enterprises (SMEs), mentioned the pressure, and mixed, all of the reported assaults resulted in monetary losses of £270,000, a determine that probably highlights the extent of underreporting within the enterprise neighborhood.
“Ransomware stays a critical and evolving menace to organisations of all sizes throughout the UK,” mentioned Report Fraud operations head, chief superintendent Amanda Wolf.
“The simplest defence is preparation. We encourage companies to be proactive – by means of common knowledge backups, robust entry controls, holding programs updated and following Nationwide Cyber Safety Centre [NCSC] steerage. These can all considerably scale back the danger and influence of an assault.
“If a enterprise is experiencing a ransomware assault, it must be reported instantly by calling Report Fraud on 0300 123 2040, the place a devoted crew is obtainable to supply help and steerage throughout an incident,” she mentioned.
Safety with out disgrace
Jake Moore, international cyber safety advisor at ESET, mentioned: “One of many greatest boundaries to tackling ransomware is that so many organisations nonetheless really feel they need to cope with it in silence.
“Falling sufferer has been seen as a weak spot, with companies fearing reputational injury or criticism in the event that they admit to an assault. However with each incident that goes unreported, it makes it tougher for legislation enforcement and friends to know how these teams function.”
Moore advised Pc Weekly that the extra open organisations are to admitting that they’ve fallen sufferer to ransomware, the faster everyone can learn to higher defend themselves going ahead.
“Studying a ransomware group’s craft and sharing their methods is definitely one of many strongest ways to mitigate towards ransomware and can higher defend future targets than holding all of it below wraps,” mentioned Moore.
“The few organisations which have blogged about their particular assaults could have inevitably saved many extra makes an attempt from being profitable. We gained’t cease ransomware assaults altogether, however in the case of studying how they function, sharing is caring.”
Report Fraud is at the moment launching a brand new ransomware consciousness marketing campaign, highlighting how vital it’s to be upfront and report cyber felony exercise and cyber assaults.
Doing so in the end helps the federal government, together with our bodies such because the NCSC perceive the true scale of the issue and higher organise a whole-of-society response to cyber criminality.
The marketing campaign additionally stresses the significance of not giving in to cyber felony extortion and paying a ransom. Paying out runs opposite to accepted recommendation and neither the NCSC nor legislation enforcement companies endorse or condone this technique; in addition to funding criminals there may be additionally no assure that encrypted or stolen can be returned.
Extra recommendation and steerage on how to answer a ransomware assault is obtainable from the NCSC, which additionally offers a Cyber Motion Toolkit.
