The UK's Joint Committee on National Security Strategy (JCNSS) released an unprecedented and critical parliamentary report on Wednesday, saying that the UK "could face a catastrophic ransomware attack at any time" due to the government's failures in dealing with ransomware.
The report singled out former home secretary Suella Braverman, saying she had "no interest in the topic" despite her department claiming to be the government lead on this national security risk and policy issue.
Citing "a revealing article in the Record," JCNSS said it "compared public statements about ransomware with statements about another major policy issue - illegal immigration."
"We found that the Home Office's public output on cybersecurity and ransomware was almost zero, dwarfed by its focus on small boats and illegal immigration," the JCNSS said.
The report calls for the Home Office's ransomware responsibilities to be removed and transferred to the Cabinet Office, working with the National Cyber Security Center and the National Crime Agency, "under the direct supervision of the Deputy Prime Minister as part of an overall approach to cyber security and resilience".
Margaret Beckett, chair of the JCNSS, said: "The UK is one of the countries most exposed to cyberattacks in the world. It is clear to the committee that the government's investment in and response to this threat is not equally unique around the world."
"With the potential for a large-scale catastrophic ransomware attack, failure to rise to the challenge will be seen as an inexcusable strategic failure," Beckett warned.
The report warned that governments "knew the potential for large-scale ransomware attacks was high but did not invest enough to prevent catastrophic losses later on," and recommended greater investment in a number of areas.
As RecordedFutureNews previously reported, ransomware attacks have reached record levels in the UK, with the number of attacks in the first six months of this year almost equaling that of all of last year, with central and local governments reporting more attacks than ever before.
As well as recommending that responsibility for dealing with ransomware be transferred to the Cabinet Office, the report also calls for increased investment in the UK's National Computer Security Council (NCSC) and the UK's National Command Agency (NCA) so that they can help public sector organizations when they are affected by a ransomware attack.
"The National Computer Security Council should be funded to establish an enhanced, dedicated local authority cyber resilience programme, including intensive support for local exercise and securing council supply chains," the committee wrote.
The committee also called on the government to "invest more resources into the National Crime Agency's response to ransomware, allowing it to take a more aggressive approach to infiltrating and disrupting ransomware operators".
Looking ahead to the 2024 general election, Beckett said: "If the UK is to avoid being held hostage to wealth and electoral disruption, then ransomware must become an even more urgent political priority, and significant further resources invested in tackling this harmful threat to UK national security."
A government spokesman said they welcomed the report and would "issue a full response in due course".
In their brief statement, they highlighted how the government has targeted 18 criminals operating in the ransomware ecosystem in two tranches of sanctions this year - while also signing an international statement condemning ransomware as part of the Counter Ransomware Initiative.
The spokesman stressed there were no plans to abolish the Home Office's role as the lead department for cybercrime.
Paul Foster, deputy director of the National Cybercrime Branch at the National Cybercrime Agency, said: "Cybercrime knows no borders and many cybercriminals operate in hard-to-reach jurisdictions, so innovative and collaborative responses are needed to tackle cybercrime... We are making good progress, but as the report makes clear, as a system we can do more to ensure the UK is protected."