Ransomware Harms and the Victim Experience

This project examines the impact of ransomware on victims, economies and societies.




lorenzo rossi / Alamy Stock Photo


Ransomware is now a significant national security threat to the UK. It continues to impact the operation and delivery of key public and private services, undermining the economic resilience of the country at a pivotal time. However, its exact effects on the UK economy and society remain unclear, and the scale and harms (e.g., physical, economic, societal impacts) at an organisational and individual level vary. Without a better understanding of the harms created by ransomware, policymakers, researchers and practitioners risk misunderstanding the impact ransomware has on the UK economy, society and its citizens. Designing effective policy responses to the challenges presented by ransomware, particularly around the underreporting of ransomware and victims’ willingness to pay ransoms, requires insight into the impact ransomware has on organisations and the individuals that work for them.

Work on the project is funded by RISCS and UK National Cyber Security Centre's Sociotechnical Security Group.

lorenzo rossi / Alamy Stock Photo

Upcoming event


Webinar: The Psychological Impact of Ransomware - 17 January 2023 14:00 - 15:00

Join us for the launch event, run in partnership with the University of Kent, of a new RUSI paper on the ransomware harms experienced by individuals, organisations and society.

Project team


Jamie MacColl

Research Fellow

Cyber

View profile

Dr Gareth Mott

Research Fellow

Cyber

View profile

Dr Pia Hüsch

Research Fellow

Cyber

View profile

Dr Jason R. C. Nurse

Associate Fellow; Associate Professor in Cyber Security, University of Kent

View profile

James Sullivan

Director, Cyber Research

Cyber

View profile

Tom Keatinge

Director, CFS

Centre for Finance and Security

View profile

Jen Ellis

Associate Fellow, Founder of NextJenSecurity

View profile

Sarah Turner, Research Student, Computing, University of Kent

View profile

Keenan Jones, Research Student, Computing, University of Kent

View profile

Related projects


Projects
Incentivising Cyber Security Through Cyber Insurance

This project investigated the role of cyber insurance in incentivising cyber security behaviours within organisations.

Ransomware: The Role of Cyber Insurance

The project investigates the relationship between cyber insurance and ransomware.

Aims and objectives

This project aims to provide significant new insights into the impact of ransomware on the UK economy, society, and its citizens. The project conducts novel research into the harms of ransomware and the experiences of victims who have been affected with the intent of answering the following research questions:

  • What are the harms (e.g., physical, economic, societal, psychological) to organisations and individuals in the UK, and to the UK more broadly, from ransomware incidents?
     
  • How is a ransomware attack experienced by victims, and what factors aggravate or reduce the negative experience(s)?
     
  • What current issues exist with attempts to measure the scale of, and the types of harms caused by, ransomware to the UK economy?

 

The project will combine an extensive literature review, workshops with industry and government stakeholders, and interviews with victims of ransomware. This will involve engagements with a diverse global community, law enforcement, policymakers, insurance professionals, cyber security and incident response experts, data breach lawyers and businesses.

If your organisation has been a victim of ransomware and you would like to anonymously part in the research, please contact jamiem@rusi.org.

Project outputs

The project’s outputs will include two RUSI research papers, at least one academic paper and RUSI commentaries.

Latest publications

View all publications


    Explore related projects

    Incentivising Cyber Security Through Cyber Insurance
    Projects

    Incentivising Cyber Security Through Cyber Insurance

    Ransomware: The Role of Cyber Insurance

    Ransomware: The Role of Cyber Insurance

    Cyber Threats Programme

    Cyber Threats Programme