UK businesses could face up to £17 million or four per cent of their global turnover in fines if they fail to protect themselves from cyber attacks, the government has announced.
The Department for Digital, Culture, Media and Sport (DCMS) has launched a consultation into how the UK should implement the plans, which are part of the EU’s Security of Network and Information Systems Directive, set to become law across the member states next May.
It has been designed to ensure that essential services – electricity, transport, water, energy, health and digital infrastructure – are protecting themselves as robustly as possible in the face of increasing numbers of cyber attacks, which come along with the world’s rising reliance on technology.
The government said the plans will also cover other threats to IT, including power failures, hardware failures and environmental hazards.
Digital minister Matt Hancock said: “We want the UK to be the safest place in the world to live and be online, with our essential services and infrastructure prepared for the increasing risk of cyber attack and more resilient against other threats such as power failures and environmental hazards.”
According to Mr Hancock, cyber attacks can cause “significant damage to the UK economy,” as they impede economic activity and undermine user confidence, which can result in substantial financial losses.
Companies that have tried to protect themselves from cyber threats but still suffer attacks will not face the fines, the government said.
The plans are part of the DCMS’ response to the WannaCry attack that hit the NHS – as well as other institutions around the world – earlier this year, bringing down systems and resulting in chaos in hospitals and surgeries across the country.