{"id":1224,"date":"2024-01-12T09:26:24","date_gmt":"2024-01-12T09:26:24","guid":{"rendered":"https:\/\/blogs.kent.ac.uk\/ris\/?p=1224"},"modified":"2025-05-19T12:43:59","modified_gmt":"2025-05-19T11:43:59","slug":"research-by-cyber-expert-informs-uk-national-security-ransomware-report","status":"publish","type":"post","link":"https:\/\/blogs.kent.ac.uk\/ris\/2024\/01\/12\/research-by-cyber-expert-informs-uk-national-security-ransomware-report\/","title":{"rendered":"Research by cyber expert informs UK national security ransomware report"},"content":{"rendered":"<p>A collaborative research project co-led by Kent Cyber Security expert,\u00a0<a href=\"https:\/\/www.kent.ac.uk\/computing\/people\/3103\/nurse-jason\">Dr Jason Nurse<\/a>,\u00a0has informed a new National Security Strategy report into the threat of ransomware. The report titled \u2018A hostage to fortune: ransomware and UK national security\u2019 was commissioned by the Joint Committee on the National Security Strategy (appointed by the House of Lords and the House of Commons).<\/p>\n<p>The research project was funded by the UK\u2019s National Cyber Security Centre (NCSC) and Research Institute for Sociotechnical Cyber Security (RISCS), and offered substantial new insights and analysis into the complex question of whether cyber insurance can help organisations in mitigating the threat of ransomware, particularly its impacts.<\/p>\n<p>The research team found that ransomware has been a key cause of the \u2018hardening\u2019 of the cyber insurance market, which is exhibited at almost all levels of the market. Such hardening has been beneficial in raising the security standards required prior to purchase, yet it has also created a situation where some organisations may not be able to acquire viable cyber insurance at all. It has become increasingly inaccessible as cyber insurers reassess their\u00a0risk exposure to ransomware and apply greater scrutiny to their portfolios.<\/p>\n<p>The research also revealed a split in the ongoing debate about banning payments to ransomware gangs; slightly favouring\u00a0not\u00a0banning ransom payments. However, there was near-uniform consensus that, were a ban to be implemented, it should cover\u00a0all\u00a0payments of ransoms, rather than specifically cover insurance reimbursement of ransom payments.<\/p>\n<p>Dr Nurse, who is Reader in Cyber Security at the\u00a0<a href=\"https:\/\/www.kent.ac.uk\/computing\">School of Computing<\/a>\u00a0and\u00a0Public Engagement lead for the\u00a0<a href=\"https:\/\/research.kent.ac.uk\/cyber\/\">Institute of Cyber Security for Society (iCSS)<\/a>, said: \u2018Cyber insurance and ransomware are two of the most studied areas within security research and practice to date, and their interplay continues to raise concerns in industry and government.<\/p>\n<p>\u2018For small-to-medium-sized businesses (SMEs) and other organisations with limited financial reserves, cyber insurance may be the\u00a0only\u00a0viable means of offsetting the financial risks of a potential ransomware breach. Yet, our research identified that\u00a0with cyber insurance becoming more and more inaccessible, consumers are increasingly finding the renewal process to be a \u2018dragons den\u2019 experience.\u00a0This is concerning as insurance plays a vital role in mitigating the ransomware threat for those that can access it, alongside a wider basket of actions that must also come from involved stakeholders.\u2019<\/p>\n<p>The JCNSS report\u00a0<a href=\"https:\/\/committees.parliament.uk\/publications\/42493\/documents\/211438\/default\/\">\u2018A hostage to fortune: ransomware and UK national security\u2019<\/a>\u00a0is available on the UK Parliament website.<\/p>\n<p>The research paper which summarises the work from the project is titled \u2018Between a rock and a hard(ening) place: Cyber insurance in the ransomware era\u2019 and is published in the\u00a0<em>Computers &amp; Security<\/em>\u00a0Journal. doi:\u00a0<a href=\"https:\/\/doi.org\/10.1016\/j.cose.2023.103162\">10.1016\/j.cose.2023.103162<\/a><\/p>\n<p><em>The University-wide and cross-disciplinary Institute of Cyber Security for Society (iCSS) is one of 19 Academic Centres of Excellence in Cyber Security Research (ACEs-CSR), jointly recognised by the National Cyber Security Centre (NCSC) and the Engineering and Physical Sciences Research Council. In 2023, it was recognised by the NCSC as an Academic Centre of Excellence in Cyber Security Education (ACE-CSE) with a Gold Award. Kent is now one out of only 12 ACEs-CSE in the UK to obtain Gold status.<\/em><\/p>\n<p><em>iCSS promotes wide-ranging interdisciplinary research in cyber security and helps enhance the cyber security skills and awareness of Kent students and the wider community. This is achieved through a diverse range of cyber security activities, including research, educational activities, professional training, industrial consultancies, expert talks and media communications. iCSS\u2019 external partnerships with industries, governmental bodies and non-governmental organisations (NGOs) enables its\u2019 researchers to develop wide-ranging collaborations with the cyber security community in the UK and worldwide.<\/em><\/p>\n","protected":false},"excerpt":{"rendered":"<p>A collaborative research project co-led by Kent Cyber Security expert,\u00a0Dr Jason Nurse,\u00a0has informed a new National Security Strategy report into the threat of ransomware. The &hellip; <a href=\"https:\/\/blogs.kent.ac.uk\/ris\/2024\/01\/12\/research-by-cyber-expert-informs-uk-national-security-ransomware-report\/\">Read&nbsp;more<\/a><\/p>\n","protected":false},"author":74795,"featured_media":1225,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":[],"categories":[282613,13897,256065,9112,228278],"tags":[79492],"_links":{"self":[{"href":"https:\/\/blogs.kent.ac.uk\/ris\/wp-json\/wp\/v2\/posts\/1224"}],"collection":[{"href":"https:\/\/blogs.kent.ac.uk\/ris\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blogs.kent.ac.uk\/ris\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blogs.kent.ac.uk\/ris\/wp-json\/wp\/v2\/users\/74795"}],"replies":[{"embeddable":true,"href":"https:\/\/blogs.kent.ac.uk\/ris\/wp-json\/wp\/v2\/comments?post=1224"}],"version-history":[{"count":1,"href":"https:\/\/blogs.kent.ac.uk\/ris\/wp-json\/wp\/v2\/posts\/1224\/revisions"}],"predecessor-version":[{"id":1226,"href":"https:\/\/blogs.kent.ac.uk\/ris\/wp-json\/wp\/v2\/posts\/1224\/revisions\/1226"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/blogs.kent.ac.uk\/ris\/wp-json\/wp\/v2\/media\/1225"}],"wp:attachment":[{"href":"https:\/\/blogs.kent.ac.uk\/ris\/wp-json\/wp\/v2\/media?parent=1224"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blogs.kent.ac.uk\/ris\/wp-json\/wp\/v2\/categories?post=1224"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blogs.kent.ac.uk\/ris\/wp-json\/wp\/v2\/tags?post=1224"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}