Ciaran Martin, who stepped down as head of the UK’s National Cyber Security Centre this month, will call on Boris Johnson’s government to make it illegal for companies to pay cyber hackers a ransom.

“If I had one policy card to play in the next year, I would ask for a serious examination of whether we should change the law to make it illegal for organisations in the UK to pay ransoms in the case of ransomware,” Martin will tell the Royal United Services Institute on Sept 18.

“The case is not a slam dunk, and if the answer is no, then we should think of something else to counter ransomware, the single biggest contemporary scourge in cyber space.”

Johnson’s government is part-way through a review of the UK’s defense and security policy. Due to be published in November, it will set out a strategic direction for conventional warfare, espionage and countering cyber threats.

It could also update the nation’s outdated spying legislation, including the Official Secrets Act, which was designed before cyber warfare was properly considered.

According to insurer Hiscox Ltd, which published a 2020 survey on cybercrime, one in six businesses attacked in eight western nations were held to ransom, with costly consequences. Some of the largest losses were seen in Britain, including one UK financial services firm which was hit by an attack worth US$87.9mil .

Martin, who is now a professor at Oxford University, will also announce he is joining private equity investors Paladin Capital Group as a managing director, offering expertise in cyber threats.

 - Bloomberg