To Fight Ransomware, Turn to Incident Response Professionals
17 Apr 2026 11:59 AM
If the UK hopes to end ransom payments, it must build an ecosystem of accredited cyber incident responders to work with government agencies and move as quickly as criminal operators.

The Home Office is considering a series of proposals to combat ransomware. These proposals include a ban on ransom payments for public sector organisations and owners of Critical National Infrastructure, a ‘payment prevention regime’ that would apply to all other payments, and a ransomware incident reporting regime.
We do not debate the merits of a ban on payments or the value of reporting. However, the Home Office’s payment prevention proposal risks leaving under-resourced and ill-equipped businesses to navigate a maze of legal requirements and agencies while criminal groups hold their networks and operations hostage.
As the Home Office considers policies to limit ransomware payments, it should bring the cyber incident response community into the fight.
Small policy changes could incentivise victims to work with expert incident responders to determine if payment is reasonable or necessary to restore networks and services. Many of these professionals are drawn to the field out of a desire to continue the mission of fighting cybercrime. They are deeply familiar with victims’ circumstances and networks, adversary behaviour and all the concomitant trade-offs. If these trusted experts conclude that payment is reasonable, they are equipped to counsel victims on alternatives, determine whether a recipient is subject to sanctions and negotiate more favourable terms. Encouraging victims to work with incident response professionals would also have the added benefit of strengthening the UK cybersecurity industry and providing the scalable capacity that government alone cannot match.