Skip to main content

75% of UK Businesses Would Break a Ransomware Payment Ban to Save Their Company, Risking Criminal Charges

July 30, 2025

A survey conducted by Commvault among UK business leaders indicated a notable disparity between the support for a proposed ban on ransomware payments and the likelihood of adherence to such a ban. While 96% of respondents from companies with revenues exceeding £100 million endorsed a blanket ban on payments, 75% stated they would still choose to pay a ransom if necessary to safeguard their organization.

The proposal seeks to prohibit ransom payments by public sector entities, including those operating critical national infrastructure such as schools and energy providers. If the ban were enacted, private sector businesses would need to notify the government of any intent to pay a ransom. Support for the ban stands at 94% for public sector organizations and 99% for private organizations, yet compliance is expected to be limited. Only 10% of businesses indicated they would fully comply with the ban in the event of a cyber attack.

Survey results also indicated that one-third of proponents of the ban believe it would enhance government support for cyber resilience, while a similar proportion suggested it could reduce the frequency of attacks by removing the incentive for perpetrators. The UK Government's recent Cyber Security Breaches Survey 2025 highlighted that 43% of UK businesses experienced a cyber breach or attack within the last year.

Given the rising threat landscape, nearly all surveyed leaders (98%) view cyber readiness and recovery as top spending priorities. This shift indicates an acknowledgment that investing in resilience and recovery technologies is more effective than relying on ransom payments.

Darren Thomson, Field CTO (security) for EMEA at Commvault, noted, “Paying a ransom rarely guarantees recovery and often increases the likelihood of being targeted again.” Jane Frankland MBE, CEO of Knewstart, added that companies must strengthen their cyber resilience to ensure operational capacity during cyber incidents.

This research was administered by Censuswide, which surveyed 1,000 UK business leaders between June 4 and June 6, 2025. The findings display a significant gap between policy support and practical application in the face of cyber threats.