Government to fine companies with inadequate cyber security up to £17m
Companies responsible for Britain’s critical industries are being warned that they must boost cyber security. Failing to do so could lead to heavy fines for leaving themselves vulnerable to attack.
Defence, energy, transport, water and health firms could be fined up to £17m if they fail to have robust controls in place to prevent cyber-attack.
This comes after Gavin Williamson (Defence secretary) warned Russia could cause “thousands and thousands” of deaths in an attack on Britain’s energy supply.
The threat of hefty fines will also cover other threats to IT and information security such as power outages, hardware failure and environmental issues.
Under the new measures, recent cyber breaches such as WannaCry and other high-profile attacks would be covered by the Network and Information Systems (NIS) Directive.
Any such incident would have to be reported to the regulator who shall assess whether appropriate security measures were in place. The regulator will have the power to issue legally binding instructions to improve security and if required impose financial penalties.
UK minister Margot James aims to create a simple and straightforward reporting system. This should make the reporting of cyber breaches and IT failures much simpler, and in turn help issues be identified and dealt with.
Ministers implementing change with new directives
“Today we are setting out new and robust cyber security measures to help ensure the UK is the safest place in the world to live and be online,” James said.
“We want our essential services and infrastructure to be primed and ready to tackle cyber attacks and be resilient against major disruption to services.
“I encourage all public and private operators in these essential sectors to take action now and consult the National Cyber Security Centre’s advice on how they can improve their cyber security.”
As the government creates new directives with new powers to fine you, now is the time to ensure your systems are secure. Management systems such as ISO 27001 can really help businesses keep their systems secure; coupled with robust perimeter defence, user testing and training, they can keep your systems safe from hackers, fines and reputational damage.