In a bid to make the UK the safest place in the world for citizens and businesses alike, the Department for Digital, Culture, Media and Sport are considering the introduction of hefty fines for businesses who fail to implement adequate cyber security measures to protect their IT systems and infrastructure.
The proposal comes as part of the NIS Directive, which is a ground-breaking piece of legislation currently being adopted by member states of the European Union to improve their cybersecurity capabilities.
The NIS Directive, when implemented in May 2018, will form a vital piece of the UK Government’s five-year National Cyber Security Strategy to better prepare the country to challenge the increasing threat of cyber-attacks.
It has been suggested that fines could reach eye-watering amounts of up to £17 million or 4% of global turnover for organisations with lax security strategies which fail to meet proposed government standards.
To avoid such penalties, organisations will be required to manage risk by ensuring that they understand how to prevent attacks, whilst also having measures in place to detect sophisticated attacks, report them immediately and recover quickly.
Organisations that have actively engaged with safer and more secure practice but suffer an attack nonetheless will be excluded from the disciplinary action.
View the full article here: https://www.gov.uk/government/news/new-fines-for-essential-service-operators-with-poor-cyber-security