Last week, the UK government announced a further step towards clear sanctions against companies running critical assets that fail to take the precautions needed to minimise cybersecurity risks. The sanctions will take the form of fines of up to £17 million. The government plans to appoint a regulator responsible for issuing these fines in each of the key sectors covered by the legislation, namely electricity, transport, water, energy, health and digital infrastructure. It is not yet clear who these regulators will be, although they are likely to be existing bodies.

These fines will not apply to companies that acted appropriately to protect themselves against attacks but suffered an attack anyway, and they will only be used as a last resort. This is an implicit recognition that it is impossible (or at least prohibitively expensive) to protect against all cyberthreats all the time. It will hopefully still be enough to encourage utilities and other critical infrastructure operators to invest more in securing their IT and communications systems.

One of the most important aspects of the government's announcement is the plan to create a system for reporting cyberattacks and IT system failures, which should improve understanding of the types of risk facing the UK and help formulate an effective response to them.

Several of the key threats highlighted are fundamentally energy and utilities sector issues. They include attacks resulting in power outages or damage to critical transmission and generation equipment, attacks on the water supply, and environmental hazards caused by infrastructure failures.

The UK has been trying to develop a more effective response to the growing cybersecurity threats to its critical infrastructure. These efforts led to the creation of the National Cyber Security Centre (NCSC) in 2017, which has a key role in developing cybersecurity policies and responding to emerging threats.

The EU Directive on security of network and information systems (the NIS Directive) is the key piece of legislation making these fines possible. Interestingly, given the current debate around Brexit, the NIS Directive is an EU measure that was agreed in 2016. The UK government has adopted it enthusiastically so far, and sees it as an integral part of its £1.9 billion ($2.6 billion) National Cyber Security Strategy.

The UK is increasingly taking a more structured approach to managing cybersecurity threats to its infrastructure, aligning itself with countries such as the US and Germany. This is driven by the growing sophistication of cyberthreats and by the growing connectivity and processing capability across critical infrastructure, which has already been exploited in a number of attacks on critical infrastructure, such as the two targeting the Ukrainian power grid in recent years. A further reason for the renewed emphasis on cybersecurity is the UK's effort to make the digital economy a more prominent part of the wider economy, something that requires robust cybersecurity and a perception of safety.