The UK government plans to tighten cyber incident reporting by requiring organisations to notify authorities within 24 hours of a ransomware attack. The move is part of a broader effort to improve national cyber resilience and give officials faster visibility into threats.

Under the proposed rules, affected organisations would also be expected to provide follow-up details after the initial alert. Officials say the faster reporting window is meant to help law enforcement and cyber defenders respond more quickly, track attack patterns, and reduce damage.

Ransomware has remained a costly and disruptive threat for businesses, public services, and critical infrastructure in Britain and beyond. Mandatory reporting has been pitched as a way to close information gaps that can leave authorities reacting too slowly to fast-moving intrusions.

The proposal reflects growing pressure on governments to strengthen digital defenses as criminal groups continue to target hospitals, companies, and public agencies with extortion attacks. The final shape of the policy will depend on how the government turns the plan into law and what exemptions, if any, are included.