UK Businesses Torn Between Ransomware Payment Policies: A Double-Edged Sword

The Ransomware Conundrum: UK Businesses at a Crossroads



A survey conducted by Commvault, a leading provider of cybersecurity solutions, found that a staggering 75% of UK businesses are willing to breach a proposed ban on ransomware payments if it means safeguarding their organization. This profound discrepancy between principle and action highlights a critical issue facing modern enterprises today.

While 96% of business leaders from companies with revenues over £100 million expressed support for a payment ban in both public and private sectors, a remarkable 75% admitted they would pay a ransom if that was the sole option to protect their organization, potentially exposing themselves to civil or criminal penalties. The research indicates a troubling reality: while the theoretical support for a ban is high, companies are prepared to turn to ransom payments when their survival is at stake.

The Proposed Ban and Its Implications



The proposed legislation aims to prohibit ransom payments across public sector organizations, including schools and local authorities, as well as critical national infrastructure operators like energy and telecom providers. In a nod to the challenges faced by the private sector, businesses not covered by this ban would still be required to notify the government of their intent to pay a ransom.

Despite this, 99% of survey respondents believe private organizations should adhere to a payment ban, illustrating a strong consensus on paper but a distinct lack of commitment to follow through if it becomes a matter of survival.

Analysing the sentiments further, the survey revealed that only 10% of private sector respondents would comply with the ban if their organization faced an attack, while an additional 15% would remain indifferent. This reflects a concerning trend where businesses acknowledge the necessity of a ban yet realize that, in practice, their choices diverge when lives, operations, and reputations are on the line.

The Broader Context of Cybersecurity in the UK



The urgency of addressing ransomware is emphasized in the recent Cyber Security Breaches Survey 2025, revealing that 43% of UK businesses have experienced a cybersecurity breach or attack within the past year. Consequently, 98% of businesses are prioritizing cyber readiness and recovery, realizing that the most effective defense against ransomware lies in robust resilience strategies rather than reactive payment measures.

The reality is sobering: recovery processes following a cyberattack average a staggering 24 days, translating into significant financial loss, particularly for smaller firms, which face the existential threat of potential bankruptcy. As such, reliance on payment as a defensive strategy is increasingly viewed as futile, often leading to recurrent targeting by cybercriminals.

Darren Thomson, Field CTO (Security) for Commvault, posits that **
