The UK government has warned firms providing "critical" services that they could risk fines of up to £17m if they do not have effective cyber security measures in place.
Organisations operating in the electricity, oil and gas, water, healthcare, air, sea, road and rail transport, telecoms, and digital sectors (such as cloud service providers) will be overseen by new sector-specific regulators, according to Margot James, minister for digital and creative industries.
The government is now urging companies involved in critical infrastructure to ensure they have robust safeguards in place to deal with the ever-increasing threat of cyber attacks.
Under the new system, cyber breaches and IT failures will have to be reported to the regulator, which will assess whether appropriate security measures were in place. The regulator will have the power to issue legally binding instructions to improve security and, if appropriate, impose financial penalties.
The National Cyber Security Centre (NCSC) has today published detailed guidance to help organisations comply, which is based around 14 key principles.
The move comes just four months ahead of the forthcoming General Data Protection Regulation (GDPR), which will make organisations in EU countries subject to administrative fines for personal data breaches. Firms could be hit with penalties of up to €20m or 4% of total worldwide annual turnover, whichever is higher.