The government is looking to bring in stringent new measures and hefty fines for companies which fail on the security front and end up getting hacked or compromised as a result.
At the moment, these are plans being discussed as part of a consultation, with a view to being incorporated into the so-called Network and Information Systems (NIS) Directive will come into force next May. Should the measures go ahead, this will allow for the imposition of financial penalties of up to £17 million or a maximum of 4% of the firm’s global turnover.
The fines would be levelled at essential utilities providers – electricity, gas, water – along with transport operators and health firms (the latter brings to mind WannaCry, of course, which is doubtless a big part of the government’s motivation here). In other words, it’s aimed at those involved with the country’s critical infrastructure, for which it’s obviously highly important to guard against disruption from cyber-attacks.
The government made it clear that imposing fines would be a last resort, and only businesses which had failed to take appropriate steps in security, or hadn’t properly assessed risks would be hit by the penalties.
So this certainly isn’t the proposition of blanket fines for anybody who is hacked, just those companies which are deemed not to have invested properly in securing their systems and data.
Minister for Digital, Matt Hancock, commented: “We want the UK to be the safest place in the world to live and be online, with our essential services and infrastructure prepared for the increasing risk of cyber-attack and more resilient against other threats such as power failures and environmental hazards.”
As Hancock mentions, the directive will also address any lack of preparedness in dealing with events such as power outages.
- Another security consideration is getting the best antivirus software