Firms with poor cyber security measures could face fines of £17m, government warns

09 Aug 2017

The government has warned that businesses could face fines of up to £17 million or 4% of global turnover if they do not take appropriate measures to protect against cyber-attacks.

Water, energy, transport and health firms have been advised to safeguard against hacking and cyber threats. The government has stressed that fines will only be issued ‘as a last resort’.

Businesses will also be required to demonstrate that they have plans in place to cover power failures and environmental disasters.

The proposals have been put forward as part of a consultation which aims to decide how to implement a new Network and Information Systems (NIS) Directive. The new Directive will form part of the government’s National Cyber Security Strategy.

The Directive relates to loss of service, as opposed to loss of data, and will be implemented from May 2018.

Digital Minister, Matt Hancock, said: ‘We want the UK to be the safest place in the world to live and be online, with our essential services and infrastructure prepared for the increasing risk of cyber-attack and more resilient against other threats such as power failures and environmental hazards.’