Essential service firms who fail to implement effective cyber security measures face fines in the UK of up to £17m, or 4% of their global turnover.
The new government proposals are aimed at making Britain’s essential networks and infrastructure safe, secure and resilient against the risk of future cyber attacks.
The Department of Digital, Culture, Media & Sport’s consultation document is part of the implementation of the EU’s Network and Information Systems (NIS) Directive, which has to be implemented from May 2018.
Fines would be the last resort, and they will not apply to operators that have assessed the risks adequately, taken appropriate security measures and engaged with competent authorities but still suffered an attack.
Comments are closed.