Nearly half (46%) of British businesses discovered at least one cyber-security breach or attack in the past year, a government survey earlier this year found. That proportion rose to two-thirds among medium and large companies.
Earlier this year, NHS services across England and Scotland were hit by a large-scale cyber-attack that disrupted hospital and GP appointments. And the threat to firms from cyber-attacks appears to have grown.
Firms could face fines of up to £17m or 4% of global turnover if they fail to protect themselves from cyber-attacks, the government has warned.
The Department for Digital, Culture, Media and Sport (DCMS) said firms that take cyber-security seriously should already have measures in place to prevent attacks or systems failures. A new crackdown is aimed at making sure essential services such as water, energy, transport and health firms are safeguarded against hacking attempts. Firms will also be required to show they have a strategy to cover power failures and environmental disasters.
The DCMS said the consultation was aimed at determining how to implement the Network and Information Systems (NIS) directive, which becomes law across the EU next May. It is separate from the General Data Protection Regulations (GDPR), which are aimed at protecting data, rather than services.
The GDPR will replace the UK’s Data Protection Act 1998 from 25 May next year, and the government has confirmed that the UK’s decision to leave the EU will not change this.