United Kingdom: Published letter to Law Society by ICO and NCSC telling lawyers to stop advising clients to pay ransom requests

On 7 July 2022, the UK Information Commissioner's Office (ICO) and the National Cyber Security Centre (NCSC) published a letter to the Law Society. In it, the NCSC and ICO request the Law Society to relay to its members, that clients should never be advised to conform to ransomware demands and pay ransom requests. This is because paying ransom requests is neither an obligation under data protection law, nor is it a reasonable step to protect data. Furthermore, the individual risk is not reduced by paying ransom requests. Finally, the ICO also pointed out that by paying ransom requests, there will not be a lower penalty as part of any potential investigations by the ICO.