Ransomware Harms and the Victim Experience

This project examines the impact of ransomware on victims, economies and societies.

lorenzo rossi / Alamy Stock Photo

Ransomware is now a significant national security threat to the UK. It continues to impact the operation and delivery of key public and private services, undermining the economic resilience of the country at a pivotal time. However, its exact effects on the UK economy and society remain unclear, and the scale and harms (e.g., physical, economic, societal impacts) at an organisational and individual level vary. Without a better understanding of the harms created by ransomware, policymakers, researchers and practitioners risk misunderstanding the impact ransomware has on the UK economy, society and its citizens. Designing effective policy responses to the challenges presented by ransomware, particularly around the underreporting of ransomware and victims’ willingness to pay ransoms, requires insight into the impact ransomware has on organisations and the individuals that work for them.

Work on the project is funded by RISCS and UK National Cyber Security Centre's Sociotechnical Security Group.

lorenzo rossi / Alamy Stock Photo

Related projects

Incentivising Cyber Security Through Cyber Insurance

This project investigated the role of cyber insurance in incentivising cyber security behaviours within organisations.

Ransomware: The Role of Cyber Insurance

The project investigates the relationship between cyber insurance and ransomware.

Aims and objectives

This project aims to provide significant new insights into the impact of ransomware on the UK economy, society, and its citizens. The project conducts novel research into the harms of ransomware and the experiences of victims who have been affected with the intent of answering the following research questions:

  • What are the harms (e.g., physical, economic, societal, psychological) to organisations and individuals in the UK, and to the UK more broadly, from ransomware incidents?
  • How is a ransomware attack experienced by victims, and what factors aggravate or reduce the negative experience(s)?
  • What current issues exist with attempts to measure the scale of, and the types of harms caused by, ransomware to the UK economy?


The project will combine an extensive literature review, workshops with industry and government stakeholders, and interviews with victims of ransomware. This will involve engagements with a diverse global community, law enforcement, policymakers, insurance professionals, cyber security and incident response experts, data breach lawyers and businesses.

If your organisation has been a victim of ransomware and you would like to anonymously part in the research, please contact jamiem@rusi.org.

Project outputs

The project’s outputs will include two RUSI research papers, at least one academic paper and RUSI commentaries.

Latest publications

View all publications

    Explore related projects


    Incentivising Cyber Security Through Cyber Insurance

    Ransomware: The Role of Cyber Insurance

    Cyber Threats Programme