UK organisations could face fines for cyber security failures

The Government is considering new proposals that would give financial penalties to UK organisations that have failed to take measures to prevent cyber-attacks.

The consultation launched on Tuesday came following the recent a global ransomware attack affecting the NHS which resulted in a huge number of operations being cancelled, patient records made unavailable and ambulances diverted.

Another example was the cyber attack to hit British Airways (OTCMKTS:BAIRY), which left 80,000 passengers stranded and cost the airline £80 million.

Digital Minister Matt Hancock said any fines would be a last resort but are being introduced to ensure that essential services such as energy, transport, water and health firms are safeguarded against hacking attempts.

Advertisement

“We want the UK to be the safest place in the world to live and be online, with our essential services and infrastructure prepared for the increasing risk of cyber-attack and more resilient against other threats such as power failures and environmental hazards.”

“The magnitude, frequency and impact of network and information system security incidents is increasing. Recent events such as the WannaCry ransomware attack, the 2016 attacks on US water utilities, and the 2015 attack on Ukraine’s electricity network clearly highlight the impact that can result from adversely affected network and information systems.

“There is a need to therefore improve the security of network and information systems across the UK, with a particular focus on essential services  which if disrupted, could potentially cause significant damage to the UK economy, society and individuals’ welfare.”

Ciaran Martin, the chief executive of the National Cyber Security Centre said: “The NCSC is committed to making the UK the safest place in the world to live and do business online, but we can’t do this alone,” he said. “Everyone has a part to play and that’s why since our launch we have been offering organisations expert advice on our website and the government’s Cyber Essentials Scheme.”

The government crackdown comes at a time when cyber attacks are becoming increasingly common in the UK. A government survey earlier this year found 46 percent of British businesses discovered at least one cyber-security breach or attack in the past year.