Cyber security warning – UK companies need to boost protection or face fines
Penalties could be as high as £17 million
The Government has announced that industries running critical infrastructure could face fines of up to £17 million if they do not have effective cyber security measures.
Energy, transport, water and health firms could be fined up to £17 million if they fail to have the most robust safeguards in place against cyber-attacks.
New regulators will be able to assess critical industries, while a simple, straightforward reporting system will make it easier to report cyber-breaches and IT failures, so they can be quickly identified and acted upon. Fines would be a last resort and will not apply to operators which have assessed the risks adequately, taken appropriate security measures and engaged with regulators but still suffered an attack.
The new measures follow the consultation held last year by the Department for Digital, Culture, Media and Sport seeking views from industry on how to implement the Network and Information Systems (NIS) Directive.
The NIS Directive is an important part of the Government’s five-year £1.9 billion National Cyber Security Strategy to protect the nation from cyber threats and make the UK the safest place to live and work online. It wants to ensure that essential service operators are taking the necessary action to protect their IT systems.