UK Faces ‘Very Significant’ Level Of Cyber Attacks, Says Security Minister

The UK is facing a “very significant” number of cyber attacks each year, the security minister has warned, as the government sets out new plans to disrupt the business model used by cybercriminals.

Dan Jarvis said proposed measures from the Home Office aim to send a clear message that ransom demands will not be tolerated. The changes would ban public sector bodies and operators of critical national infrastructure from paying hackers. Private sector firms, while not subject to the same ban, would be required to notify the government if they intend to make a payment.

Speaking to the PA news agency, Jarvis said the UK is not alone in facing frequent cyber attacks, but the new rules are designed to strengthen defences and improve accountability.

“These attacks are completely unacceptable,” he said. “There’s more that we need to do to guard against them and that’s why we’re introducing these measures.”

He said the proposals would make the UK a less attractive target for cybercriminals. “We think these proposals will provide a powerful deterrent. What we’re wanting to do is break the business model of the cyber criminals who think they can get away with extorting money from UK-based institutions.”

The government also plans to introduce a mandatory reporting regime that would require companies and public bodies to disclose ransomware incidents. Jarvis said more transparency would improve national intelligence and response efforts.

Ransomware is a type of malicious software that allows attackers to encrypt or steal data from a victim’s computer systems and demand a ransom for its return. The tactic has been increasingly used against UK companies in recent months.

Four young people were recently arrested in connection with cyber attacks targeting major retailers including Marks & Spencer, the Co-op and Harrods. Microsoft also revealed that Chinese state-linked hackers had breached its SharePoint software in an attempt to access sensitive corporate and government data.

The proposals follow calls from industry leaders for tougher reporting standards. M&S chairman Archie Norman told MPs that businesses should be legally required to report major cyber incidents. He said recent attacks against large UK firms had gone unreported and identified DragonForce, an Asia-based ransomware group, as the likely perpetrator in one case.

While the government has yet to publish detailed guidance on enforcement, Jarvis said the aim was to improve clarity, share intelligence more effectively, and ensure cyber criminals “face the full weight of UK law”.