Main Image Credit lorenzo rossi / Alamy Stock Photo
Ransomware is now a significant national security threat to the UK. It continues to impact the operation and delivery of key public and private services, undermining the economic resilience of the country at a pivotal time. However, its exact effects on the UK economy and society remain unclear, and the scale and harms (e.g., physical, economic, societal impacts) at an organisational and individual level vary. Without a better understanding of the harms created by ransomware, policymakers, researchers and practitioners risk misunderstanding the impact ransomware has on the UK economy, society and its citizens. Designing effective policy responses to the challenges presented by ransomware, particularly around the underreporting of ransomware and victims’ willingness to pay ransoms, requires insight into the impact ransomware has on organisations and the individuals that work for them.
Work on the project is funded by RISCS and UK National Cyber Security Centre's Sociotechnical Security Group.
Dr Gareth Mott
Research Analyst for Cyber, Technology and National Security
Dr Jason R. C. Nurse
Associate Fellow; Associate Professor in Cyber Security, University of Kent
Director, Cyber Research
Centre for Financial Crime and Security Studies
Associate Fellow, Founder of NextJenSecurity
Gareth Mott, Lecturer in Security and Intelligence, University of Kent
Sarah Turner, Research Student, Computing, University of Kent
Keenan Jones, Research Student, Computing, University of Kent
This project investigated the role of cyber insurance in incentivising cyber security behaviours within organisations.
Aims and objectives
This project aims to provide significant new insights into the impact of ransomware on the UK economy, society, and its citizens. The project conducts novel research into the harms of ransomware and the experiences of victims who have been affected with the intent of answering the following research questions:
- What are the harms (e.g., physical, economic, societal, psychological) to organisations and individuals in the UK, and to the UK more broadly, from ransomware incidents?
- How is a ransomware attack experienced by victims, and what factors aggravate or reduce the negative experience(s)?
- What current issues exist with attempts to measure the scale of, and the types of harms caused by, ransomware to the UK economy?
The project will combine an extensive literature review, workshops with industry and government stakeholders, and interviews with victims of ransomware. This will involve engagements with a diverse global community, law enforcement, policymakers, insurance professionals, cyber security and incident response experts, data breach lawyers and businesses.
If your organisation has been a victim of ransomware and you would like to anonymously part in the research, please contact email@example.com.
UK National Cyber Security Centre (NCSC)
Work on Ransomware Harms and the Victim Experience is funded by the UK National Cyber Security Centre (NCSC).Find out more
Work on Ransomware Harms and the Victim Experience is funded by the Research Institute for Sociotechnical Cyber Security (RISCS).Find out more
The project’s outputs will include two RUSI research papers, at least one academic paper and RUSI commentaries.