The UK government has issued a warning across multiple critical service industries, reminding them to ramp up effective cybersecurity measures or face fines.
Margot James, the UK’s minister for digital and creative industries, has implored brands operating in a number of critical industries including electricity, water, healthcare, air, sea and rail transport and telecoms, among others, to upgrade their cybersecurity infrastructure. The move is to improve their resilience against online threats following high-profile cyberattacks on brands like TalkTalk and organizations like the NHS.
The new system will require companies to report IT failures and cyber breaches to the regulator, who will then determine whether appropriate cybersecurity measures were in place. The regulator will have the authority to issue legally binding instructions to improve the companies’ cybersecurity posture and even impose financial penalties, if appropriate.
Penalties could reach up to £17 million ($24 million) for companies that do not have effective cybersecurity measures, particularly in the energy, transport, water and health sectors.
Margot James stated:
Today we are setting out new and robust cyber security measures to help ensure the UK is the safest place in the world to live and be online. We want our essential services and infrastructure to be primed and ready to tackle cyber attacks and be resilient against major disruption to services.
Furthermore, the National Cyber Security Centre (NCSC) has published detailed guidance, based on 14 key principles, to help organizations comply.
Pointedly, fines will remain a last resort and will not apply to operators who have suffered attacks after having proactively assessed the risks in an adequate manner, taken appropriate security measures and engaged with regulators.