To make companies operating in “critical industries” in the United Kingdom beef up their cybersecurity defenses, the government has warned that it will impose heavy fines if they fail to meet satisfactory standards.
This means companies operating in the energy, transport, health, and digital sector need cybersecurity measures to avoid being fined as high as 17 million pounds (about $23.85 million).
The penalties will be filed under the NIS (Network and Information Systems) directive that was passed by the govt back in mid-2016 to warrant that most digital companies operating in Europe are protected against modern cyber attacks. These companies have until 10 May 2018, post which the new rules defined under this directive will be a go.
The regulators are currently said to be working on the development of a simple system that’d make it easier for companies to report breaches and IT failures at their end.
This will apply to the operators of essential services (OES) and they will have to report any and all cybersecurity attacks above a currently undefined threshold. The fines won’t be slammed right off the bat. Instead, EU regulators will initially be issuing legally-binding instructions to grant them some time to bolster their security. And then impose a hefty penalty if the companies fail to comply, even after the warning.
The UK government is trying to make its country the safest digital haven for companies, to which Margot James, minister for digital and the creative industries, said:
We want our essential services and infrastructure to be primed and ready to tackle cyber attacks and be resilient against major disruption to services. I encourage all public and private operators in these essential sectors to take action now and consult NCSC’s advice on how they can improve their cybersecurity.
The NIS directive, it’s being believed, will help contain and counter the major cybersecurity attacks and push for the imposition of stringent safeguards. The regulators will soon be able to assess the cybersecurity infrastructure of the country’s critical industries to make it a point to guarantee that they are as “robust” as possible.
The new directive will ensure that IT threats, such as power outage, hardware failure, and network hijacking are reduced to the minimum over the coming years. The government is planning to avoid scenarios and panic that was induced by WannaCry ransomware and the Mirabot DDoS attacks the previous year. So, do you think the UK government has taken a right step to curb potential cybersecurity attacks? Let us know your thoughts down below.