UK businesses fear stigma of ransomware
Data from the UK’s Report Fraud service reveals the scope of ransomware attacks is going underreported, with few businesses confident enough to identify themselves as victims
Fear of stigmatisation is likely leading businesses across the UK to drastically underreport data on ransomware attacks, especially when they have paid a ransom to a cyber criminal gang, as admitting to a payment is often seen as supporting further criminal activity or defying compliance regulations.
Data gleaned from the national Report Fraud service – which is run by the City of London Police – reveals that 323 organisations in the UK reported a ransomware attack to it between April 2025 and March 2026.
Out of these, 175, over 50% of the total, related to small and medium enterprises (SMEs), said the force, and combined, all the reported attacks resulted in financial losses of £270,000, a figure that likely highlights the extent of underreporting in the business community.
“Ransomware remains a serious and evolving threat to organisations of all sizes across the UK,” said Report Fraud operations head, chief superintendent Amanda Wolf.
“The most effective defence is preparation. We encourage businesses to be proactive – through regular data backups, strong access controls, keeping systems up to date and following National Cyber Security Centre [NCSC] guidance. These can all significantly reduce the risk and impact of an attack.
“If a business is experiencing a ransomware attack, it should be reported immediately by calling Report Fraud on 0300 123 2040, where a dedicated team is available to provide support and guidance during an incident,” she said.
Security without shame
Jake Moore, global cyber security advisor at ESET, said: “One of the biggest barriers to tackling ransomware is that so many organisations still feel they have to deal with it in silence.
“Falling victim has been seen as a weakness, with businesses fearing reputational damage or criticism if they admit to an attack. But with every incident that goes unreported, it makes it harder for law enforcement and peers to understand how these groups operate.”
Moore told Computer Weekly that the more open organisations are to admitting that they have fallen victim to ransomware, the quicker everybody can learn how to better protect themselves going forward.
“Learning a ransomware group’s craft and sharing their techniques is actually one of the strongest tactics to mitigate against ransomware and will better protect future targets than keeping it all under wraps,” said Moore.
“The few organisations that have blogged about their specific attacks will have inevitably saved many more attempts from being successful. We won’t stop ransomware attacks altogether, but when it comes to learning how they operate, sharing is caring.”
Report Fraud is today launching a new ransomware awareness campaign, highlighting how important it is to be upfront and report cyber criminal activity and cyber attacks.
Doing so ultimately helps the government, including bodies such as the NCSC, understand the true scale of the problem and better organise a whole-of-society response to cyber criminality.
The campaign also stresses the importance of not giving in to cyber criminal extortion and paying a ransom. Paying out runs contrary to accepted advice, and neither the NCSC nor law enforcement agencies endorse or condone this strategy; besides funding criminals, there is also no guarantee that encrypted or stolen data will be returned.
More advice and guidance on how to respond to a ransomware attack is available from the NCSC, which also provides a Cyber Action Toolkit.
