Adam Bannister is a contributor to IFSEC Global, having been in the role of Editor from 2014 through to November 2019. Adam also had stints as a journalist at cybersecurity publication, The Daily Swig, and as Managing Editor at Dynamis Online Media Group.
The UK government has proposed imposing punitive fines on critical national infrastructure companies that neglect their cybersecurity resilience.
The fines, which could be as high as £17m or up to 4% of annual turnover, have been proposed as part of a consultation by the Department for Digital, Culture, Media & Sport.
Critical national infrastructure, which encompasses sectors critical to the national economy and normal civilian life, includes energy and other utilities, transport, healthcare and digital infrastructure.
In common with other sectors, these industries are increasingly connecting critical systems via large networks in order to enjoy the benefits of interoperability, data analysis, remote monitoring and management.
“Although cybersecurity regulations will require significant effort for the companies that are affected, this new legislation by the UK government demonstrates that they understand the severity of cyber threats in today’s digital world and the destruction they can cause, if undeterred,” says Eldon Sprickerhoff, founder and chief security strategist at cybersecurity firm eSentire.
“Even if you’re not a CNI, cyber threats should concern you. With cybercriminals constantly adjusting their tactics, it is imperative that companies never stop defending themselves by constantly improving and expanding their cybersecurity practices.
“Managed detection and response and incident response planning are common ways companies can stay ahead of their attackers.”
The government consultation was opened on 8 August and closes on 30 September 2017.
Businesses in all sectors could also receive heavy fines – £7.9m or 2% of an organisation’s global turnover – under the forthcoming General Data Protection Regulation (GDPR), which strengthens EU data protection law. Despite the ongoing Brexit negotiations, the regulation will be incorporated into British law.
eSentire has suggested some steps that organisations can take to make their systems less vulnerable to cyber-attack:
Encryption – store sensitive data in a form that is readable only with a digital key
Integrity checks – regularly check for changes to system files
Network monitoring – use tools to detect suspicious behaviour
Penetration testing – conduct controlled cyber-attacks on systems to test their defences and spot vulnerabilities
Education – train your employees in cybersecurity awareness and tightly manage access to confidential information
Critical infrastructure industries face eye-watering fines for cybersecurity shortcomings
Adam Bannister
IFSEC Insider | Security and Fire News and Resources