(Bloomberg) -- Ciaran Martin, who stepped down as head of the U.K.’s National Cyber Security Centre this month, will call on Boris Johnson’s government to make it illegal for companies to pay cyber hackers a ransom.

“If I had one policy card to play in the next year, I would ask for a serious examination of whether we should change the law to make it illegal for organizations in the U.K. to pay ransoms in the case of ransomware,” Martin will tell the Royal United Services Institute on Friday. “The case is not a slam dunk, and if the answer is no, then we should think of something else to counter ransomware, the single biggest contemporary scourge in cyber space.”

Johnson’s government is part-way through a review of the U.K.’s defense and security policy. Due to be published in November, it will set out a strategic direction for conventional warfare, espionage and countering cyber threats.

It could also update the nation’s outdated spying legislation, including the Official Secrets Act, which was designed before cyber warfare was properly considered.

According to insurer Hiscox Ltd., which published a 2020 survey on cyber crime, one in six businesses attacked in eight western nations were held to ransom, with costly consequences. Some of the largest losses were seen in Britain, including one U.K. financial services firm which was hit by an attack worth $87.9 million.

Martin, who is now a professor at Oxford University, will also announce he is joining private equity investors Paladin Capital Group as a managing director, offering expertise in cyber threats.

©2020 Bloomberg L.P.