The government has warned that companies who fail to protect themselves from cyber-attacks could face fines of up to £17 million or 4% of their global turnover. Companies will also have to prove that they have a readymade strategy in the event of power failures or natural disasters.
This crackdown is to make sure firms are protecting their customers’ details.
With increasing numbers of high profile attacks happening across the world, companies are under more pressure to ensure their security is air-tight. Early last year, the NHS was subjected to a high profile cyber-attack that disrupted hospitals and appointments.
A government survey found that nearly half (46%) of firms had a cyber-attack or security breach in the past year. The percentage was larger for medium to large companies.
Most breaches were found to involve fraudulent emails that are sent to members of staff pretending to be from someone else. Other sources of cyber-attacks were related to security issues like viruses, malware or spyware.
Cyber-attacks only seem to be on the rise. Smaller businesses are often at risk of underestimating the threat, thinking that hackers are more interested in the higher profile businesses because they’re in the news more. However, smaller businesses are easier to hack and are therefore more likely to be targeted.
Government consultation
The Department for Digital, Culture, Media and Sports (DCMS) is launching a consultation on the government’s plans.
Matt Hanock, Digital Minister assured people that fines would be the last resort. The DCMS said that these fines would not apply to companies that had already put safeguards in place but still suffered an attack.
Hanock said: “We want the UK to be the safest place in the world to live and be online, with our essential services and infrastructure prepared for the increasing risk of cyber-attack.”
Legislation
The DCSM have said that their consultation was aimed at working out how to best implement the Network and Information System (NIS) directive.
The General Data Protection Regulations (GDPR) will replace the Data Protection Act of 1998. There was worry that with Brexit, this would get forgotten or delayed. However, the government has confirmed that the GDPR will still be going ahead and won’t be affected by Britain’s exit from the EU.
What do you think of this warning from the government? Do you think companies should be fined? Let us know what you think.