Question to the Cabinet Office:

To ask the Minister for the Cabinet Office, what guidance his Department issues on how (a) schools, (b) NHS trusts and (c) other public bodies should respond to ransomware attacks.

The world leading National Cyber Security Centre provides comprehensive guidance to all UK public bodies on how to respond to ransomware attacks, which can be found. The guidance is clear that central Government funds will not be used by Government departments or Arms Length Bodies (ALBs) to pay ransomware demands and this stance was publicly reiterated in November 2023 when the UK, along with other members of the Counter Ransomware Initiative, signed a joint statement discouraging anyone from paying a ransomware demand.

NHS England and the Department for Education provide bespoke guidance for their respective sectors which is consistent with the wider government’s approach. The Department is committed to harnessing expertise on this subject, including recently hosting a roundtable discussion on academic security with the support of the NCSC, to ensure that guidance continues to be appropriate for the developing threat.