BeyondtheVote
Sign in

Committee publication · Correspondence · 23 July 2025

Letter from the Minister for Security relating to the Government's response to the public consultation on Ransomware legislative proposals, 22 July 2025

From: Business and Trade Sub-Committee on Economic Security, Arms and Export Controls

Inquiry: UK economic security

Summary

The Security Minister writes to inform the Business and Trade Sub-Committee that the Home Office is publishing today its response to a 12-week public consultation (14 January–8 April 2025) on ransomware legislative proposals. The consultation received 273 responses showing broad support for three measures: a targeted ban on ransomware payments for critical national infrastructure and public sector; an economy-wide payment prevention regime; and mandatory incident reporting. Recent attacks on Marks & Spencer (£300m+ loss) and the Legal Aid Agency demonstrate the threat.

Key findings

  • 72% of consultation respondents agreed HMG should implement a targeted ban on ransomware payments for CNI owners/operators and public sector; 82% agreement among CNI/public sector respondents.
  • 47% net agreement for an economy-wide ransomware payment prevention regime for all organisations and individuals not covered by targeted ban; mixed views overall on this measure.
  • 63% of respondents supported introduction of an economy-wide mandatory incident reporting regime.
  • Government received 273 consultation responses over 12 weeks and held 36 engagement events with over 1,000 stakeholders; feedback identified cross-cutting concerns on scope, CNI definitions, penalties/enforcement, and organisational resilience support.
  • Proposed package would constitute first specific measures in UK law to counter ransomware; Government will align proposals with forthcoming Cyber Security and Resilience Bill.

Tone

Procedural

Topics

cybersecurityransomwarecritical-national-infrastructurelegislationpublic-consultation

Key actors

Dan Jarvis MBE MP, Liam Byrne MP, Home Office, Business and Trade Sub-Committee on Economic Security, Arms and Export Controls, Marks & Spencer, Legal Aid Agency, UK Government

Notable line

This package of proposals would be the first specific measures in UK law to counter ransomware.

Key Quotes

Recent ransomware incidents highlight the threat and damage these types of attacks have on our economy and way of life.
Dan Jarvis MBE MP · Opening rationale for intervention
Marks & Spencer revealed that ongoing harm from a ransomware attack would likely cost the company at least £300 million.
Dan Jarvis MBE MP · Illustrating scale of economic damage
The proposals in the consultation aim to break the ransomware business model, change victim behaviour, and harden the UK against this threat.
Dan Jarvis MBE MP · Explaining policy objectives
View original document →

Source · parliament.uk record ↗

Letter from the Minister for Security relating to the Government's response to the public consultation on Ransomware legislative proposals, 22 July 2025 | Beyond The Vote | Beyond The Vote