New legislation looks to toughen UK cyberdefences and critical infrastructure


  • Critical services and infrastructure around the world are under attack
  • A new bill has been introduced with greater protections for UK organisations
  • Regulators will be given stronger powers to punish serious breaches

The UK Government has introduced its new Cyber Security and Resilience Bill to Parliament as part of its efforts to overhaul British cyberdefences for critical infrastructure and services.

The UK, like many other countries, has been on the receiving end of disruptive attacks on vital health services as well as energy and water providers, and the bill looks to expand the Network and Information Systems regulations (NIS) to cover more of the supply chain, including vendors and digital infrastructure.

This is a key consideration, as the vast majority of the latest high-profile and damaging attacks have stemmed from third-party breaches.

An onus on businesses

Another facet of the legislation is the mandatory incident reporting to provide better data for the government, helping to build a better picture of the cyber landscape and therefore better understand the protections needed.

Regulators will also be given additional powers to ensure suppliers meet minimum security requirements and shut down any gaps that could be exploited by cybercriminals. They can also hand out harsher penalties for serious breaches.

"So cutting corners is no longer cheaper than doing the right thing. That’s because companies providing taxpayer services should make sure they have tough protections in place to keep their systems up and running," the Secretary of State for Science, Innovation, and Technology declared.

The new bill requires medium and large firms that provide cybersecurity, IT management, and IT help desk support to both private and public organisations to vigilantly report potentially significant cyber incidents to the government and to customers for better transparency - giving businesses a bigger responsibility in protection and recovery.

But, as with every new piece of legislation, this could be a compliance burden for the organisations affected, as it takes real collective effort to protect public services against threat actors.

“The Cyber Security and Resilience Bill is going to motivate companies to transform how they secure access to critical infrastructure,” explains Ev Kontsevoy, CEO at Teleport.

“Compliance will mean navigating through accumulated audit toil, making sense of patchworks of VPNs, shared credentials, and SSH keys that never expire.”


Ellen has been writing for almost four years, with a focus on post-COVID policy whilst studying for BA Politics and International Relations at the University of Cardiff, followed by an MA in Political Communication. Before joining TechRadar Pro as a Junior Writer, she worked for Future Publishing’s MVC content team, working with merchants and retailers to upload content.
