08.08.17
Service operators could face £17m fines for inadequate cyber security
Operators of essential services could face considerable fines if they do not put robust cyber security measures in place in their organisation.
In a statement from the Department for Digital, Culture, Media & Sport (DCMS), it was revealed that fines could be as large as £17m if the measures, which are open to consultation, are pushed forward.
The consultation will also look into how the Network and Information Systems (NIS) Directive is implemented from May 2018.
The government added that fines would only be a last resort, and will not apply to operators that have assessed the risks adequately and engaged with competent authorities, but still suffered attacks.
Organisations affected by the proposed legislation include operators in electricity, transport, water, energy, health and digital infrastructure.
“We want the UK to be the safest place in the world to live and be online, with our essential services and infrastructure prepared for the increasing risk of cyber-attack and more resilient against other threats such as power failures and environmental hazards,” said digital minister Matt Hancock.
“The NIS Directive is an important part of this work and I encourage all public and private organisations in those sectors to take part in this consultation so together we can achieve this aim.”
Operators will also need to develop a strategy and policies to understand and manage cyber security risks. These include implementing measures to detect attacks, develop security monitoring and raise staff awareness and training to these issues.
The consultation is part of the National Cyber Security Strategy (NCSS) plan to transform digital security in the UK which is supported by £1.9bn investment.
Part of this strategy included the opening of the National Cyber Security Centre (NCSC), as well as free online advice and training schemes to help businesses and public bodies.
Ciaran Martin, CEO of the NCSC, added: “We welcome this consultation and agree that many organisations need to do more to increase their cyber security.
“The NCSC is committed to making the UK the safest place in the world to live and do business online, but we can’t do this alone.
“Everyone has a part to play and that’s why since our launch we have been offering organisations expert advice on our website and the Government’s Cyber Essentials Scheme.”
The consultation will be open until 30 September 2017.
Have you got a story to tell? Would you like to become a PSE columnist? If so, click here.