NHS trusts could face fines for failure to protect against cyber attacks
1 min read
NHS trusts, water firms and energy companies could face eye-watering fines if they fail to protect themselves against cyber attacks, under new proposals.
Key organisations that provide essential infrastructure services will be forced to report cyber breaches within 72 hours of becoming aware of them under the suggested new rules.
They would also be forced to put in place measures to recover from incidents quickly and prove they have systems to prevent and detect attacks.
Major tech firms could also be covered and would face fines of £17m or 4% of their global turnover - whichever is higher - for breaches.
Digital Minister Matt Hancock said: “We want the UK to be the safest place in the world to live and be online, with our essential services and infrastructure prepared for the increasing risk of cyberattack and more resilient against other threats such as power failures and environmental hazards.”
The announcement, outlined in a consultation paper today, builds on a major privacy crackdown revealed yesterday.
Consumer protections written into the Data Protection Bill will force companies like Google and Facebook to change the way they store and use people's data.
