UK unprepared for ransomware attack amid lack of Government investment – report

15 December 2023, 10:14

A laptop screen showing a computer virus warning
NHS cyber attacks. Picture: PA

Ransomware has been used in a number of high-profile cyber attacks, including the Wannacry attack on the NHS in 2017.

The UK is unprepared for a large-scale ransomware attack “at any moment” and could be brought to a standstill unless major changes to planning and preparation are made, a new report says.

Parliament’s Joint Committee on the National Security Strategy (JCNSS) said responsibility for tackling ransomware attacks should be taken off the Home Office – which the report accuses of giving political priority to other issues – and given to the Cabinet Office and overseen directly by the Deputy Prime Minister.

The report said former home secretary Suella Braverman “showed no interest” in the issue and instead focused on issues such as illegal migration and small boats.

Ransomware is a form of cyber attack where hackers breach a system and lock access to data and files, demanding payment in order to release the files or stop them being leaked. It has been used in a number of high-profile cyber attacks, including the Wannacry attack on the NHS in 2017.

The UK has the dubious distinction of being one of the world’s most cyber-attacked nations. It is clear to the committee that the Government’s investment in and response to this threat are not equally world-beating, leaving us exposed...

Dame Margaret Beckett, JCNSS

In its report, the JCNSS says the UK’s regulatory frameworks are insufficient and outdated, and warns that large swathes of the UK’s critical national infrastructure remain vulnerable to ransomware because many still rely on legacy IT systems.

It says there has been a failure to sufficiently invest in safeguards to prevent a major crisis, despite government agencies such as the National Cyber Security Centre (NCSC) warning of the ongoing dangers of ransomware, particularly from hacking groups linked to Russia, China and North Korea in particular.

As part of its report, the committee has also called for a private briefing from the NCSC on preparations to protect the UK from cyber attack ahead of the forthcoming general election, which is expected some time over the next year, citing concerns over possible interference in the democratic process.

Dame Margaret Beckett, chairwoman of the JCNSS, said: “The UK has the dubious distinction of being one of the world’s most cyber-attacked nations.

“It is clear to the committee that the Government’s investment in and response to this threat are not equally world-beating, leaving us exposed to catastrophic costs and destabilising political interference.

“In the likely event of a massive, catastrophic ransomware attack, the failure to rise to meet this challenge will rightly be seen as an inexcusable strategic failure.

“Our main legislative framework is irresponsibly outdated and Government missed another chance to rectify this in the latest King’s Speech.

If the UK is to avoid being held hostage to fortune, it is vital that ransomware becomes a more pressing political priority, and that more resources are devoted to tackling this pernicious threat to the UK’s national security

Dame Margaret Beckett, JCNSS

“The agencies tasked with detecting, responding to and recovering from ransomware attacks – and degrading further attack capabilities – are under-resourced and lacking key skills and capabilities.

“If the UK is to avoid being held hostage to fortune, it is vital that ransomware becomes a more pressing political priority, and that more resources are devoted to tackling this pernicious threat to the UK’s national security.”

A Government spokesman said: “We welcome the JCNSS’s report and will publish a full response in due course.

“The UK is well prepared to respond to cyber threats and has taken robust action to improve our cyber defences, investing £2.6 billion under our Cyber Security Strategy and rolling out the first ever Government-backed minimum standards for cyber security through the NCSC’s Cyber Essentials scheme.

“We have also, this year, sanctioned 18 criminals responsible for spreading a prolific ransomware strain, taken down a piece of malware that infected 700,000 computers, and led on an unprecedented international statement denouncing ransom payments, signed by 46 nations.

By Press Association

More Technology News

See more More Technology News

Exclusive
The computer game "No Mercy" centres around a male protagonist who is encouraged to "become every woman's worst nightmare", and  "never take no for an answer."

Fury over rape and incest game that tells players to be 'women's worst nightmare', as Tech Secretary slams PC giant

A laptop user with their hood up

Suicide forum investigated under new online safety laws

Person in yellow coat using smartphone on a train

Spyware accessing phone audio and cameras for data ‘of use to China’, NCSC warns

A woman’s hands on a laptop keyboard.

Majority of AI firms working on unhelpful ‘generic’ tools, think tank says

Bafta Games Awards 2025

Astro Bot sweeps Bafta Game Awards with five wins

A detailed new scan of the Titanic has revealed the ship's haunting final hours.

Scan reveals Titanic's final hours in ground-breaking discovery

Sabrina Carpenter's Fortnite avatar (Epic Games/PA)

Sabrina Carpenter joins Fortnite universe as Festival icon

The tools mean the accounts of under-16s are heavily restricted by default (Alamy/PA)

Meta expands Instagram parental controls and brings them to Facebook

a biotech start-up has announced the animals had been brought back to life

Dire wolf extinct for 12,500 years 'brought back to life', scientists claim

A server room in a data centre

Energy and tech giants to meet Government over plans to power UK AI

A message on an iPhone in London warning that Apple can no longer offer Advanced Data Protection to its customers in the UK

Home Office loses bid to keep Apple legal challenge private

Metro Bank website

Metro Bank launches AI-powered scam detection tool

Esther Ghey

Brianna Ghey’s mother considers parent of her daughter’s killer ‘a friend’

Molly Russell

Meta and Pinterest understood to have made donations to Molly Russell charity

TikTok is set to be banned in the United States later this week unless a buyer emerges.

Trump grants TikTok another extension, avoiding US ban, as he says deal to sell app is 'very close'

A TikTok logo on a phone

Q&A: Will TikTok be banned in the US this weekend?