Ransomware Preparedness Must Be a Boardroom Priority: NCSC Chief
2026-6-15 09:52:6 Author: thecyberexpress.com

Ransomware Preparedness must become a strategic priority for organizations as cyberattacks grow more disruptive and difficult to contain, according to Richard Horne, CEO of the UK’s NCSC (National Cyber Security Centre).

Speaking during the FBI’s Ahead of the Threat podcast, Horne urged business leaders to assess whether their organizations could continue operating if critical IT systems were unavailable for four weeks. His remarks come amid growing concerns over ransomware, AI-driven cyber threats, and the increasing speed at which attackers exploit known vulnerabilities.

Ransomware Preparedness Requires Planning Beyond Paying a Ransom

A key message from Horne was that organizations should not view ransom payments as a recovery strategy. Instead, effective Ransomware Preparedness depends on resilience, tested recovery plans, and executive support.

According to Horne, ransomware attacks typically involve two forms of extortion. Attackers steal sensitive data and threaten to publish it, while also encrypting systems and demanding payment for decryption keys. He noted that paying criminals does not guarantee data will be deleted or systems fully restored.

Referencing lessons learned from Operation Cronos, the international law enforcement operation that disrupted the LockBit ransomware group, Horne said investigators found instances where victim data remained on criminal infrastructure even after ransom payments had been made.

NCSC Warns Organizations About the Coming Patch Wave

The discussion also highlighted concerns about a growing Patch Wave, a term used by the NCSC to describe the anticipated surge in vulnerability disclosures and exploitation attempts fueled by artificial intelligence.

FBI Cyber Division Assistant Director Brett Leatherman pointed to recent industry findings showing that attackers are exploiting known vulnerabilities faster than defenders can remediate them. Internet-facing devices and VPNs have become increasingly attractive targets, while the window between disclosure and exploitation continues to shrink.

Horne stressed that organizations need long-term planning rather than short-term reactions. He encouraged businesses to develop multi-year cybersecurity roadmaps and ensure security investments remain a priority across budget cycles.

CyberUK Discussions Focused on Executive Accountability

Reflecting on discussions held during CyberUK, the UK’s flagship cybersecurity conference hosted by the NCSC, Horne emphasized that cybersecurity cannot remain solely the responsibility of technical teams.

He noted that many Chief Information Security Officers face challenges securing organizational support despite having visibility into technology risks. According to Horne, leadership teams must actively participate in managing cyber risk rather than treating it as an isolated IT issue.

The conversation also addressed burnout among cybersecurity professionals, with both Horne and FBI officials acknowledging the operational strain placed on defenders during major incidents, including ransomware attacks and large-scale vulnerability disclosures.

Public-Private Cooperation Remains Critical

Beyond technical defenses, Horne highlighted the importance of collaboration between governments, law enforcement agencies, and the private sector.

He said threat intelligence sharing creates a continuous cycle in which organizations identify threats, share findings, improve defenses, and generate new intelligence that benefits the wider cybersecurity community. Horne also pointed to growing opportunities to use artificial intelligence to accelerate threat detection and response efforts.

As ransomware groups continue targeting businesses worldwide, the message from both the FBI and the NCSC was clear: organizations must invest in Ransomware Preparedness, strengthen resilience plans, and prepare for a future where cyber incidents are not a possibility but an expectation.


Source: https://thecyberexpress.com/ransomware-preparedness-key-warns-ncsc/