In an attempt to concentrate the minds of organisations on cybersecurity, the British Government is planning to hit critical infrastructure businesses with heavy fines if their security defence systems are not up to scratch.
If firms do not report incidents such as power outages, environmental threats, and hardware failure, fail to comply with the regulator’s instructions, or neglect to implement effective security measures, they could find themselves facing financial penalties of £17 million. Another WannaCry-style incident would be a case in point.
The new measures should leave organisations in no doubt about their obligations and the penalties for not meeting them. Britain’s stiffest financial sanction so far is the relatively modest £400K levied on TalkTalk in 2016 for failing to protect its customers’ personal data. It seems that the Government is now determined to play hardball.