
U.K. mulls new fines for lax cyber-security measures

Jaclyn Jaeger | August 8, 2017

Organisations that fail to implement effective cyber-security measures could face significant fines, as part of plans to make Britain’s essential networks and infrastructure safe, secure, and resilient against the risk of future cyber-attacks.

Under the proposed plan, the Information Commissioner’s Office (ICO) would be empowered to issue fines of up to £17 million or 4 per cent of global turnover in cases of the most serious data breaches against organisations that fail to implement effective cyber-security measures. Fines would be a last resort, and they would not apply to operators that have assessed the risks adequately, taken appropriate security measures, and engaged with competent authorities but still suffered an attack, the U.K. government stated in a press release.

The plans are being considered as part of a...
