Firms face threat of new £17 million cyber security fines

Gladys Abbott
August 8, 2017

The Government is considering new proposals that would impose financial penalties on United Kingdom organisations that have failed to take measures to prevent cyber-attacks.

The UK government has threatened to fine companies that are not sufficiently protected against cyber attacks up to £17 million, the BBC reports. More information on the proposals can be found here and the consultation documents are here.

We'd like to know Engineer readers' opinions on these enforcement measures.

Matt Hancock, a senior British government official in charge of digital and culture, said, "We want our essential services and infrastructure to be prepared for the increasing risk of cyber attack and be more resilient against other threats such as power failures and environmental hazards". Do the measures go far enough in encouraging companies to protect themselves?

However, the fines will be used as a last resort and will not be applied to service operators who have put in appropriate cyber security defences but have still suffered a hack attack.

The Department for Digital, Culture, Media and Sport said it also wanted to see action to detect attacks, develop security monitoring and raise staff awareness, as well as ensuring incidents were reported immediately and that systems were in place for recovery.

NIS is separate from the EU's General Data Protection Regulation (GDPR) - due to be in force by May 2018 - which is designed to protect against loss of data, rather than loss of service.


It comes after several major global cyber attacks in recent months, including the WannaCry attack that crippled large parts of the NHS and another major ransomware attack that hit many of the world's largest firms.

He urged public and private providers to weigh in on the consultation.

It is separate from the General Data Protection Regulation (GDPR), which is aimed at protecting data, rather than services.

Together, the NIS Directive and the GDPR are expected to force companies operating in the European Union to become more cyber resilient and develop robust incident response plans.

The NIS Directive, once implemented, will form an important part of the government's five-year £1.9bn National Cyber Security Strategy, the government said.

Under the proposals out for consultation, critical infrastructure organisations will need to develop a cyber security strategy and adopt policies that both understand and manage the potential cyber attack risks they could face.
