Legislation has made the choice simple . . .
An Article Review
As the UK moves to prohibit government agencies from paying ransoms to hacker groups, organizations are questioning whether they can endure an attack.
For a long time, the question of what to do when facing a ransomware attack has included the question of whether or not to pay the ransom, and we have always advised that this is a question for your cybersecurity insurance provider (and potentially law enforcement).

However, the Government of the UK is joining a growing number of groups that believe a ban on ransom payments is the best way to combat these criminals. In a scenario where you are not allowed to make a payment, what is an organization to do?
While most of us still have the option to pay a ransomware group (depending on our cyber insurance policy), we agree with the idea that the best course of action is to never need to make that payment at all. To that end, an organization needs to focus on resilience: avoiding an attack in the first place and, failing that, having ways to recover lost data and bring offline systems back.
Technology such as endpoint detection and response can be of great benefit, but the biggest factor in breaches remains the human factor: employee awareness can go a long way toward keeping your systems secure. Additionally, a robust incident response program and regular disaster recovery testing, including actually restoring from your data backups rather than only taking them, will help make sure you are able to recover from an incident without needing to pay a criminal organization.
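A backup you have never restored is a hope, not a plan. The script below is an added illustration of the kind of restore drill the paragraph describes; it is not code from the original article or from Vigilize. It builds a SHA-256 manifest of a constructed sample data set, performs a test restore, and then checks the restored copy against the manifest, reporting files that are missing or whose contents no longer match (which is what a ransomware-encrypted or truncated file looks like). The directory layout, file names and the `run_drill` helper are assumptions made for the example.

```python
import hashlib
import json
import shutil
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    """Hash a file in chunks so large backup archives do not need to fit in memory."""
    digest = hashlib.sha256()
    with path.open("rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_manifest(root: Path) -> dict:
    """Map each file's POSIX-style relative path to its SHA-256 digest.

    Keep the manifest somewhere the backup target cannot be written from
    (offline media or a separate account); if an attacker can rewrite the
    manifest alongside the backup, the check proves nothing.
    """
    return {
        p.relative_to(root).as_posix(): sha256_file(p)
        for p in sorted(root.rglob("*"))
        if p.is_file()
    }


def verify_restore(manifest: dict, restored: Path) -> dict:
    """Compare a restored tree against the manifest taken at backup time."""
    missing, mismatched = [], []
    for rel, expected in manifest.items():
        candidate = restored / rel
        if not candidate.is_file():
            missing.append(rel)
        elif sha256_file(candidate) != expected:
            mismatched.append(rel)
    return {"ok": not missing and not mismatched,
            "missing": missing, "mismatched": mismatched}


def run_drill() -> dict:
    """End-to-end drill on constructed sample data (hypothetical helper).

    Returns the verification result for a clean restore and for a restore
    in which one file was overwritten and another deleted, simulating what
    a ransomware run against the backup copy would leave behind.
    """
    work = Path(tempfile.mkdtemp(prefix="dr-drill-"))
    try:
        source = work / "source"
        (source / "finance").mkdir(parents=True)
        # Constructed sample data, not real records.
        (source / "finance" / "ledger.csv").write_text("id,amount\n1,100\n2,250\n")
        (source / "readme.txt").write_text("constructed sample data\n")

        manifest = build_manifest(source)
        (work / "manifest.json").write_text(json.dumps(manifest, indent=2))

        # Test restore: in a real drill this is the restore from backup media.
        restored = work / "restored"
        shutil.copytree(source, restored)
        clean = verify_restore(manifest, restored)

        # Simulate ransomware damage to the restored copy, then re-verify.
        (restored / "finance" / "ledger.csv").write_bytes(b"\x00\x00ENCRYPTED")
        (restored / "readme.txt").unlink()
        tampered = verify_restore(manifest, restored)
    finally:
        shutil.rmtree(work, ignore_errors=True)
    return {"clean": clean, "tampered": tampered}


if __name__ == "__main__":
    print(json.dumps(run_drill(), indent=2))
```

The hash manifest is deliberately stored as a separate artifact from the backup itself: the point of the drill is to detect a backup that has been silently encrypted or partially lost, and that only works if the reference digests were written before the incident and kept out of reach of the same credentials that can write to the backup target.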
We do not know of any plans by US legislators to prohibit payments to ransomware organizations, but with the right planning, training and testing, whether or not to pay can be a question you never need to ask.
Original article by JP Cavanna writing for Cybersecurity Insiders
This Article Review was written by Vigilize.
Matt Jolley is the current Vigilize; he is also the recipient of the 2023 and 2024 Cyb3rP0e+ designation.