Financial Crime

Ransomware’s return prompts UK to survey cyber insurance market

February 12, 2025

An increase in ransomware attacks has prompted the UK’s Department for Science, Innovation and Technology (DSIT) to commission a survey so it can “better understand” the cyber insurance market. It will be carried out by Grant Thornton.

The survey, which has a deadline of February 14, focuses on small and medium-sized businesses of 10 to 249 employees, with participation from leaders and cyber insurance decision-makers at SMEs across the UK. The DSIT said it aims to understand “the approach UK-based SMEs take towards cyber insurance” and potential cyber attacks.

Research by the Association of British Insurers (ABI) has found that SMEs are “severely exposed” to cyber attacks and are failing to use cyber insurance to mitigate the risk. “Our research has shown that, beyond financial safeguards, those who take out appropriate insurance also benefit from improved cyber security practices and education about the risks they face and tools on how to manage them,” said Laura Hughes, ABI head of general insurance policy.

The DSIT survey follows the launch of a new cyber insurance consortium in December 2024 by UK insurance and reinsurance provider Lloyd’s of London and US-based compliance management firm HITRUST. The consortium offers information risk management and security controls, combining cyber security practices with tailored insurance plans.

Alongside the launch, Lloyd’s of London and the ABI co-published a guide for reinsurers on “how to approach defining a major cyber event”. The framework aims to simplify the process of grouping, categorising, and systematically analysing cyber incidents involved in risk assessment and aggregation.

“The emerging and incredibly complex nature of cyber threats are a crucial challenge to our industry,” said Mervyn Skeet, director of general insurance policy at the ABI. “We’ve been able to develop a framework and a consistent set of components for firms to consider when trying to build their own definitions.”

Back in the spotlight

As the cyber insurance market grows, cyber fincrime has returned to the spotlight in 2025 — particularly ransomware that infects a victim’s computer system, accesses sensitive data, and often demands payment in cryptocurrency.

On January 14, the UK Home Office proposed to introduce legislation to counter ransomware, increase incident reports and reduce payments to criminals. It launched a public consultation that closes on April 8.

The Home Office’s proposal highlights the resurgence of ransomware attacks, with a National Crime Agency statistic indicating that the number of UK victims on ransomware leak websites has doubled since 2022.

“Organisations across the country need to strengthen their ability to continue operations in the face of the disruption caused by successful ransomware attacks,” the Home Office said.

Sanctions imposed

Meanwhile, the United States, the UK, and Australia joined efforts on February 11 to combat ransomware, imposing sanctions on Zservers, a Russian hosting services provider, for its role in supporting LockBit ransomware attacks.

The sanctions were imposed by the US Department of the Treasury, Australia’s Department of Foreign Affairs and Trade, and the UK’s Foreign, Commonwealth and Development Office.

“Ransomware actors and other cybercriminals rely on third-party network service providers like Zservers to enable their attacks on U.S. and international critical infrastructure,” said Bradley Smith, acting under secretary of the Treasury for terrorism and financial intelligence.

He added: “Today’s trilateral action with Australia and the UK underscores our collective resolve to disrupt all aspects of this criminal ecosystem, wherever located, to protect our national security.”