NHS trusts could face fines for failure to protect against cyber attacks

Agnes Chambre

1 min read08 August 2017

NHS trusts, water firms and energy companies could face eye-watering fines if they fail to protect themselves against cyber attacks, under new proposals.

Key organisations that provide essential infrastructure services will be forced to report cyber breaches within 72 hours of becoming aware of them under the suggested new rules.

They would also be forced to put in place measures to recover from incidents quickly and prove they have systems to prevent and detect attacks.

Major tech firms could also be covered and would face fines of £17m or 4% of their global turnover - whichever is higher - for breaches.

Digital Minister Matt Hancock said: “We want the UK to be the safest place in the world to live and be online, with our essential services and infrastructure prepared for the increasing risk of cyberattack and more resilient against other threats such as power failures and environmental hazards.”

The announcement, outlined in a consultation paper today, builds on a major privacy crackdown revealed yesterday.

Consumer protections written into the Data Protection Bill will force companies like Google and Facebook to change the way they store and use people's data.

PoliticsHome Newsletters

PoliticsHome provides the most comprehensive coverage of UK politics anywhere on the web, offering high quality original reporting and analysis: Subscribe

Read the most recent article written by Agnes Chambre - Confusion among Labour's top team as senior figures disagree over second EU referendum