Airlines, electricity firms and broadband providers could face multi-million pound fines if they fail to take measures to prevent cyber attacks that result in major disruption to services, under a government plan to be announced today.
Companies will be hit with financial penalties of up to £17million or four per cent of global turnover if they cannot show they adequately assessed the risk of threats to their computer systems, including cyber hacking or even power failures.
Ministers said the fines, which will be set out as part of a consultation today, would only be used as a ‘last resort’ and affect electricity, transport, water, transport, health and digital infrastructure providers.
Airlines (like British Airways), electricity firms and broadband providers could face multi-million pound fines if they fail to take measures to prevent cyber attacks
The move comes after the NHS became the highest profile victim of a global ransomware attack, which resulted in operations being cancelled, ambulances being diverted and patient records being made unavailable.
The co-ordinated attack that infected a large number of computers across the health service was linked to Wannacry malicious software.
The issue was raised again after a major IT failure for British Airways left 75,000 passengers stranded and cost the airline £80m – although the company cited a power supply issue rather than a cyber-attack.
Operators will be required to develop a strategy and policies to manage risk, and show how they are working to prevent attacks or system failures.
The Department for Digital, Culture, Media and Sport said they also wanted to see action to detect attacks, develop security monitoring and raise staff awareness, as well as ensuring incidents were reported immediately and that systems were in place for recovery. Workshops will be held with operators to allow them to offer feedback.
The consultation proposes similar penalties for flaws in network and information systems as those due to be in force for data protection lapses by May 2018.