Businesses face fines for not reporting ransomware details


Joseph Brookes
Senior Reporter

The government would fine businesses that fail to report ransomware attacks, including sensitive information about their systems, to cyber agencies under the initial proposal for its upcoming notification scheme.

Companies that are impacted by a ransomware attack, even if no ransom is paid, could be asked to provide the specific vulnerability in their system, what data was compromised and “any other relevant information about the incident or actor”.

The potential reporting requirements were floated on Tuesday in a consultation paper for potential legislative reforms to follow the National Cyber Security Strategy released last month, with stakeholders asked to give feedback over the summer.

Do you know more? Contact James Riley via Email.

Leave a Comment