The UK is at high risk of ‘catastrophic’ ransomware attacks that could cost the country billions of pounds, according to a parliamentary committee report. The warning comes from the Joint Committee on the National Security Strategy which says the country is not effectively planning to prevent a large-scale cyber attack.

The report warns that outdated infrastructure and poor planning and says that swathes of UK critical national infrastructure – much of which is operated by the private sector – remain vulnerable to ransomware, particularly in sectors still relying on legacy IT systems. Senior National Crime Agency officials noted that there is a “soft underbelly” to every organisation that uses a third-party software provider.

The JCNSS report went on to say that the UK is unprepared for the “high risk” of a catastrophic ransomware attack “at any moment”. It says there will be “no excuse” for the current failure to invest sufficiently to prevent a major crisis.

Dame Margaret Beckett, chair of the committee, said: “The UK has the dubious distinction of being one of the world’s most cyber-attacked nations. It is clear to the committee that the government’s investment in and response to this threat are not equally world-beating, leaving us exposed to catastrophic costs and destabilising political interference. In the likely event of a massive, catastrophic ransomware attack, the failure to rise to meet this challenge will rightly be seen as an inexcusable strategic failure.

“Our main legislative framework is irresponsibly outdated and government missed another chance to rectify this in the latest King’s Speech. The agencies tasked with detecting, responding to and recovering from ransomware attacks – and degrading further attack capabilities – are under-resourced and lacking key skills and capabilities. If the UK is to avoid being held hostage to fortune, it is vital that ransomware becomes a more pressing political priority, and that more resources are devoted to tackling this pernicious threat to the UK’s national security.”

The report highlights the role of cyber insurance in providing a vital lifeline for ransomware victims, but argues that there is a woeful lack of UK coverage, adding that premiums are unaffordable and have increased drastically in recent years. The committee suggests that the government should work with the insurance sector to establish a re-insurance scheme for major cyber-attacks, akin to Flood Re.

---