Truth in IT

Ransomware Response: Policy, Payment & Protection Strategies

Forescout
06/12/2026

Transcript


I'm Ali King, VP of government affairs at Forescout, and we have Rik Ferguson, master of disaster. Okay. Anyways, so we want to talk about ransomware, one of your favorite topics, that continues to be a plague for the Western world. What are your thoughts on what can be done moving forward?

Yeah, I mean, certainly if you're unfortunate enough to be hit by ransomware, then you've got to do your initial calculation of, you know, what are my options? And one option is do nothing, right? Remain compromised, do nothing, pay no money, try to recover. That's not right go our business. Did I have the technology and processes in place to be able to recover? Do I have a decent backup regime? Are my backups compromised? Can I tell how far the threat has penetrated into the environment? But when all's said and done, the biggest decision you're gonna have to make is about the ransom demand itself, right? Do I have the funds to cover this? Do I have the negotiation expertise to talk to the threat actor and negotiate the sum down? Do I have insurance to my insurance cover ransom payments? There's the only cover recovery. And one of the things that we've seen in the UK in particular, although I think this is a thought process that's being replicated around the world, is the government is currently considering the idea of banning public institutions, health care, for example, from paying ransoms at all. So they literally take that option off the table. It's easy to achieve because it's policy, not law. It's just a policy for state and stuff. And, you know, my views on whether or not you should pay the ransom have been well documented, and they remain kind of the same, in that personally I believe the option of being able to pay the ransom must always remain on the table. It should absolutely be the option of last resort, but when you look at some of the, actually, very recent ransomware attacks, Change Healthcare, it's a great example, Synnovis in the UK is another fantastic example. People's lives are on the line as a result of these attacks, and you don't have all the time in the world to consider your options. So if you have a choice between paying the ransom or losing a life, that choice to me seems pretty clear. So putting a policy in place that takes that card out of your hand is ill-advised, to say the least.

Can you also share your thoughts on ransom payments can be, you know, a tax write-off, deductible?

Yeah, it's, for me, that's a crazy situation. It means at the end of the day the person paying the ransom is the taxpayer, right? It comes out of the public purse. So there is almost no disincentive for the victim to pay the ransom, particularly if it's a large organization with great tax lawyers and accountants that know exactly how to put that through the books as a tax write-off, and then there's no loss, no material loss of the business. So step number one is to remove that from the tax code, right? Just to say that if you get hit by a ransom, that is not the cost of doing business. That is a result of security policies, whether that's around network architecture, data encryption, about securing the perimeter, whether that's around zero trust. There are plenty of options, but if you allow people to get away with not putting in the maximum effort, then they will continue to do that.

Exactly, you've got either transfer to the taxpayer, transfer to the insurance company. What we need to be sure is that people who are impacted by ransomware, the, as I said, the payment is the absolute last resort, not actually the route of least resistance.

And so because this is a criminal activity that has permeated and is scalable, that is now as a national security issue, you know, what would you say to a medium or small business who are trying to figure out if they need insurance, what's the right approach? So you own a store and you know that you do have some data, that you could potentially be a target. What would you advise them to do? Where can I start? Because it seems like a very big problem, and me being a, you know, in a school district, because on the other side of the equation, on the power curve, is some very sophisticated nation-state-sponsored attackers, and it just seems like not a fair fight. But we have to change our mentality and our approach. So what would you do, or what would you tell them to do?

There are a few really important things that you need to know, and it's knowledge upfront, which is the most important, right? The most of this list of five, my five knows of cybersecurity, and it's like don't know your threat actor, know your risk posture, and so on, the fifth one is know your limits. And I think in answer to this question that's the most important thing. Understand what you are capable of as a defender and understand where you need help, because there's plenty of help out there. There's plenty of cyber security solution providers which will allow you, either directly or through partners, to outsource your security to them. So, yes, you're being targeted by highly sophisticated nation-state aligned or highly experienced cyber criminal threat actors. But you can ally yourself with the same highly experienced cyber security professionals and providers and benefit from their financing, their knowledge, their experience. So know your limits and understand that what goes outside of your limits, you can find a right partner for that.

TL;DR

  • UK government is considering banning public sector institutions from paying ransoms, a policy that removes critical options when lives are at stake in healthcare attacks
  • Current tax codes allowing ransom payments as deductible business expenses transfer costs to taxpayers and eliminate financial incentives for strong security practices
  • Small and medium businesses facing sophisticated threats should know their limits and partner with experienced cybersecurity providers to outsource security capabilities

Summary

This discussion examines critical ransomware response decisions facing organizations today, with particular focus on the UK government's consideration of banning public sector ransom payments. Forescout's VP of Security Intelligence Rik Ferguson and VP of Government Affairs Ali King explore the complex calculus victims face when hit by ransomware — from assessing backup integrity and threat penetration depth to evaluating insurance coverage and negotiation capabilities. The conversation addresses controversial policy questions including whether ransom payments should remain tax-deductible, arguing that current tax treatment effectively transfers the cost to taxpayers and removes financial disincentives for inadequate security preparation. For smaller organizations facing sophisticated nation-state-aligned threats, the experts emphasize the importance of knowing your limits and partnering with experienced cybersecurity providers who can level the playing field. The overarching message: ransom payment should always remain an option of absolute last resort, particularly when lives are at stake in healthcare attacks, but organizations must invest in preventive security measures rather than treating ransomware as an acceptable cost of doing business.

Chapters

0:00 - Introduction to Ransomware Discussion
0:56 - Victim Decision Framework
1:42 - UK Government Payment Ban Policy
2:52 - Tax Deductibility Problem
4:18 - Guidance for Small Organizations

Key Quotes

2:13 "... personally I believe the option of being able to pay the ransom must always remain on the table ..."
2:35 "... if you have a choice between paying the ransom or losing a life that choice to me seems pretty clear ..."
3:00 "It means at the end of the day the person paying the ransom is the taxpayer, right? It comes out of the public purse."

FAQ

Should organizations ever pay ransomware demands?

Payment should remain an option of absolute last resort, particularly when lives are at stake (such as healthcare ransomware attacks like Change Healthcare or Synnovis). However, organizations should exhaust all recovery options first, including backup restoration, threat containment assessment, and insurance coverage evaluation before considering payment.

How can small businesses defend against sophisticated ransomware actors?

Small organizations should know their limits and partner with experienced cybersecurity solution providers who can outsource security capabilities. This allows smaller defenders to benefit from the same level of expertise, financing, and experience that sophisticated threat actors possess, effectively leveling the playing field.

