In UK, Big Fines for Failing to Address Cyber Risk
According to a recent report, businesses in Britain could be fined up to £17 million ($23.9 million) if they fail to have the “most robust” safeguards in place to thwart cyberattacks.
The National Cyber Security Centre (NCSC) issued guidance on what businesses need to do to comply with new rules related to the implementation of the Network and Information Systems Directive, which takes effect in May 2018. The U.K. government has said a simple and straightforward system would be created to make it easy for businesses to report both IT failures and cyber breaches. Fines would be issued as a last resort, and would not apply to firms that have adequately addressed risks, taken sufficient security measures, and engaged with regulators.
“We want our essential services and infrastructure to be primed and ready to tackle cyber attacks and be resilient against major disruption to services,” Margot James, the minister for digital and the creative industries, said in a statement. “I encourage all public and private operators in these essential sectors to take action now and consult NCSC's advice on how they can improve their cyber security.”