Is the UK right to ban ransomware payments?
24/11/2025 | Financial Times
An article in the Financial Times (£) explores whether the government is right to consider implementing a ransom payment ban for operators of critical national infrastructure (CNI) as part of its long-awaited Cyber Security and Resilience Bill (CSR Bill). While intended to deter hackers from extorting money and disabling essential services, critics warn the measure could have severe unintended consequences, forcing managers to choose between breaking the law and allowing vital services to collapse.
The article suggests the government should tread carefully, noting the ban could leave the UK isolated. Before proceeding, key questions must be addressed, including defining critical infrastructure and preventing circumvention by foreign-based owners. Penalising victims or prompting hackers to switch tactics would not enhance security. Instead, the FT advises the government to push for mandatory reporting of payments, as countries such as Australia have adopted. It also recommends distinguishing between ransom payments to criminal gangs threatening to release exfiltrated personal data versus those that disrupt operations, and working with insurers to reduce payments becoming the path of least resistance.
£ - This article requires a subscription.
What is this page?
You are reading a summary article on the Privacy Newsfeed, a free resource for DPOs and other professionals with privacy or data protection responsibilities helping them stay informed of industry news all in one place. The information here is a brief snippet relating to a single piece of original content or several articles about a common topic or thread. The main contributor is listed in the top left-hand corner, just beneath the article title.
The Privacy Newsfeed monitors over 300 global publications, of which more than 6,250 summary articles have been posted to the online archive dating back to the beginning of 2020. A weekly roundup is available by email every Friday.