Hospitals, utilities, and transport networks will be better protected from cyber-attacks under new legislation introduced in Parliament.
The Cyber Security and Resilience Bill aims to strengthen national security and safeguard essential services that millions of people and businesses rely on every day.
The Bill, which comes as part of the government’s Plan for Change, will:
- Regulate medium and large IT service providers for the first time, requiring them to report significant cyber incidents within 24 hours and maintain robust response plans.
- Give regulators new powers to designate critical suppliers to essential services, such as healthcare diagnostics providers and water treatment suppliers, ensuring they meet minimum security standards.
- Introduce tougher turnover-based penalties for serious breaches, making cutting corners more costly than compliance.
- Empower the Technology Secretary to instruct regulators and organisations like NHS trusts and utilities to take urgent steps to prevent attacks where national security is at risk.
The Bill covers sectors including healthcare, transport, energy, and water, and will also bring data centres and organisations managing smart-energy flows into scope. These measures aim to close supply chain vulnerabilities and reduce risks to consumers and businesses.
Recent incidents highlight the urgency, including hackers accessing the Ministry of Defence payroll system in 2024, and the Synnovis NHS cyber-attack disrupting over 11,000 medical appointments and cost an estimated £32.7 million.
Dr Richard Horne, CEO of the National Cyber Security Centre, said:
“The real-world impacts of cyber-attacks have never been more evident than in recent months, and at the NCSC we continue to work round the clock to empower organisations in the face of rising threats.
“As a nation, we must act at pace to improve our digital defences and resilience, and the Cyber Security and Resilience Bill represents a crucial step in better protecting our most critical services.
“Cyber security is a shared responsibility and a foundation for prosperity, and so we urge all organisations – no matter how big or small – to follow the advice and guidance available at ncsc.gov.uk and act with the urgency that the risk requires.”
According to the Office for Budget Responsibility, a major cyber-attack on critical infrastructure could increase borrowing by £30 billion, while new research shows the average cost of a significant UK cyber-attack is £190,000, totalling £14.7 billion annually.
The Bill supports the National Security Strategy, aiming to deliver economic stability, protect public services, and boost investment in the UK’s cyber security sector, which contributed £13.2 billion to the economy last year. Organisations can access free guidance from the National Cyber Security Centre, including Cyber Essentials and the Cyber Assessment Framework, to strengthen resilience.
Image credit: iStock
