Ransomware Harms and the Victim Experience
This project examines the impact of ransomware on victims, economies and societies.
Ransomware is now a significant national security threat to the UK. It continues to impact the operation and delivery of key public and private services, undermining the economic resilience of the country at a pivotal time. However, its exact effects on the UK economy and society remain unclear, and the scale and harms (e.g., physical, economic, societal impacts) at an organisational and individual level vary. Without a better understanding of the harms created by ransomware, policymakers, researchers and practitioners risk misunderstanding the impact ransomware has on the UK economy, society and its citizens. Designing effective policy responses to the challenges presented by ransomware, particularly around the underreporting of ransomware and victims’ willingness to pay ransoms, requires insight into the impact ransomware has on organisations and the individuals that work for them.
Work on the project is funded by RISCS and UK National Cyber Security Centre's Sociotechnical Security Group.
Upcoming event
Project team
Jamie MacColl
Research Fellow
Cyber
Dr Gareth Mott
Research Fellow
Cyber
Dr Pia Hüsch
Research Fellow
Cyber
Dr Jason R. C. Nurse
Associate Fellow; Associate Professor in Cyber Security, University of Kent
James Sullivan
Director, Cyber Research
Cyber
Tom Keatinge
Director, CFS
Centre for Finance and Security
Jen Ellis
Associate Fellow, Founder of NextJenSecurity
Sarah Turner, Research Student, Computing, University of Kent
Keenan Jones, Research Student, Computing, University of Kent
Related projects
Aims and objectives
This project aims to provide significant new insights into the impact of ransomware on the UK economy, society, and its citizens. The project conducts novel research into the harms of ransomware and the experiences of victims who have been affected with the intent of answering the following research questions:
- What are the harms (e.g., physical, economic, societal, psychological) to organisations and individuals in the UK, and to the UK more broadly, from ransomware incidents?
 - How is a ransomware attack experienced by victims, and what factors aggravate or reduce the negative experience(s)?
 - What current issues exist with attempts to measure the scale of, and the types of harms caused by, ransomware to the UK economy?
Â
The project will combine an extensive literature review, workshops with industry and government stakeholders, and interviews with victims of ransomware. This will involve engagements with a diverse global community, law enforcement, policymakers, insurance professionals, cyber security and incident response experts, data breach lawyers and businesses.
If your organisation has been a victim of ransomware and you would like to anonymously part in the research, please contact jamiem@rusi.org.
Sponsor
UK National Cyber Security Centre (NCSC)
Work on Ransomware Harms and the Victim Experience is funded by the UK National Cyber Security Centre (NCSC).
Find out moreRISCS
Work on Ransomware Harms and the Victim Experience is funded by the Research Institute for Sociotechnical Cyber Security (RISCS).
Find out more
Project outputs
The project’s outputs will include two RUSI research papers, at least one academic paper and RUSI commentaries.
