Organisations in the UK could now face fines of up to £17m or 4% of their annual turnover if they fail to take measures to prevent cyber-attacks that could result in severe disruption to services such as transport, health or electricity works.
The move comes after the devastating WannaCry attack that left the NHS in disarray. The cyber-attack, which affected thousands of computers, left operations cancelled, ambulances diverted and patient records unavailable. Following this, British Airways suffered a major IT failure, leaving 75,000 passengers stranded and a bill of £80m.
Ciaran Martin, the chief executive of the National Cyber Security Centre, said organisations needed to do more to increase cyber security.
“The NCSC is committed to making the UK the safest place in the world to live and do business online, but we can’t do this alone,” he said. “Everyone has a part to play and that’s why since our launch we have been offering organisations expert advice on our website and the government’s Cyber Essentials Scheme.”
The proposals lay out financial penalties as a ‘last resort’, but they will be imposed on those who cannot prove they have assessed all the risks adequately. Should this legislation make its way through parliament successfully, it could play a huge part in tackling the surge in cybercrime that the UK has experienced over the past 18 months. Tougher punishments should be in place for those who are complacent about what cybercrime can really mean for businesses, regardless of their size or sector.