Surge in Ransomware Attacks Across the UK

Incident Reporting Low, Government Study Finds

Ransomware Incidents on the Rise in the UK

The British government has reported a concerning increase in ransomware attacks against organizations within the U.K., despite a notably low rate of incident reporting among victims. This rise comes as officials contemplate regulatory changes including a potential ban on ransom payments by public sector entities and mandatory incident disclosures.

A recent survey conducted by the government examined 2,180 businesses, 1,081 charities, and 574 educational institutions in its annual assessment released on April 10. While the overall rate of cyber attacks targeting U.K. organizations has declined over the past year, ransomware incidents have increased markedly, raising alarms within the cybersecurity community.

The study indicated that the estimated percentage of businesses experiencing ransomware attacks surged from less than 0.5% in 2024 to an alarming 1% in 2025, translating to approximately 19,000 businesses affected this year alone. These statistics reflect a significant shift in the threat landscape, which is becoming increasingly challenging for organizations to navigate.

High-profile cases have underscored the real-world implications of this trend. For instance, a ransomware incident involving a National Health Service hospital in Northwest England in November 2024 resulted in the cancellation of outpatient appointments. Furthermore, a separate attack on an IT vendor contributed to blood shortages across U.K. hospitals, highlighting the widespread consequences of such cyber crimes.

According to the report from the Department of Science, Innovation and Technology, 4% of large businesses and 3% of medium-sized businesses admitted to paying ransom. Meanwhile, the overall lack of external reporting remains a significant concern, with only one-third of the surveyed organizations having protocols in place for reporting cyber breaches.

Under current U.K. regulations, organizations must notify the Information Commissioner’s Office of any hacking instances within 72 hours if personal data is compromised. However, the government has noted that the limited reporting hinders its understanding of the actual scale of ransomware threats affecting the nation. In February, the U.K. government opened a consultation on proposed mandatory ransomware reporting and a possible ban on ransom payments, indicating a shift towards stricter oversight.

The anticipated regulations, likely to be integrated into the forthcoming U.K. Cyber Security and Resilience Bill, would prohibit government agencies and operators of critical infrastructure from making ransom payments and require them to report cyber incidents within 72 hours. These measures reflect an urgent response to the growing threat posed by ransomware and underline the need for heightened cybersecurity protocols and preparedness across all sectors.
