Cyber Risk | Episode 4 | Government ransomware proposals part 2

Seaton Gordon and Elizabeth Bardsley return for the second part of our two-part episode on the UK government’s proposals to combat ransomware, exploring how potential new legislation could impact businesses and individuals.

With ransomware attacks continuing to pose a major threat, the UK government has set out a range of legislative proposals to tackle the issue. In this concluding episode, our speakers turn their attention to the third key proposal - a ransomware incident reporting regime.

Other key takeaways they explore:

• The potential introduction of a mandatory 72-hour reporting requirement for ransomware incidents, regardless of whether a ransom is paid.
• The proposed 28-day full reporting obligation, and its potential impact on businesses already dealing with regulatory and operational burdens.
• The UK government’s broader legislative ambitions, including considerations around banning ransom payments, potential costs of implementation, and how far new laws could go.

Seaton and Liz also highlight emerging ransomware trends, such as triple extortion tactics and the blurred lines between ransomware and other cyber extortion threats - issues that are notably absent from the government’s consultation.