The UK government is evaluating an extension of its ransomware payment prohibition to critical infrastructure sectors following substantial public consultation and recent cyber incidents.
Approximately 75% of respondents to a government consultation expressed support for the expanded ban, which seeks to shield essential services by disrupting criminal revenue streams. The consultation, conducted between January and April last year, gathered 273 responses that revealed broad agreement alongside worries about potential victim criminalization.
High-profile attacks—including the ransomware strike on pathology services provider Synnovis in June last year—have demonstrated persistent threats to national infrastructure, intensifying pressure for stronger defenses.
International approaches vary widely: certain nations enforce strict critical infrastructure payment bans while others pursue alternative strategies like mandatory reporting frameworks.
The UK’s proposed measure forms part of a comprehensive strategy to enhance cyber resilience, involving new regulatory standards for managed service providers and heightened board-level governance requirements.