Skip to main content

75% of UK Businesses Would Break a Ransomware Payment Ban to Save Their Company, Risking Criminal Charges

August 20, 2025

A survey conducted by Commvault among UK business leaders highlights a contrast between the strong support for a ban on ransom payments and the likelihood of compliance with such a ban. While 96% of executives from companies earning over £100 million favor a total ban on ransom payments, 75% indicated they would still opt to pay a ransom if it meant protecting their organization.

The proposed ban would prevent public sector organizations, including critical services like schools and energy suppliers, from making ransom payments. Should the ban be implemented, private sector businesses would be required to inform the government of any ransom payment intentions. Support for the ban is high, at 94% among public sector stakeholders and 99% among private sector participants, yet compliance appears limited, with only 10% of respondents claiming they would fully adhere to the ban following a cyber attack.

Additionally, the survey suggests that one-third of those who support the ban believe it would lead to improved government assistance for cyber resilience, while a similar number think it may decrease the frequency of attacks by removing the payment incentive for cybercriminals. The UK Government's Cyber Security Breaches Survey 2025 reported that 43% of businesses in the UK experienced a cyber breach or attack in the past year.

As cyber threats continue to rise, a significant majority of surveyed leaders (98%) now prioritize investments in cyber readiness and recovery. This reflects a growing recognition among organizations that enhancing resilience and recovery capabilities is more viable than depending on ransom payments.

Darren Thomson, Field CTO (security) for EMEA at Commvault, pointed out, “Paying a ransom rarely guarantees recovery and often increases the likelihood of being targeted again.” Meanwhile, Jane Frankland MBE, CEO of Knewstart, emphasized the need for companies to bolster their cyber resilience to maintain operational capacity during cyber incidents.

This research was conducted by Censuswide, surveying 1,000 UK business leaders from June 4 to June 6, 2025. The findings reveal a notable gap between expressed support for policies and the practical realities faced by organizations in dealing with cyber threats.