Organisations that fail to implement effective cyber-security measures could face significant fines, as part of plans to make Britain’s essential networks and infrastructure safe, secure, and resilient against the risk of future cyber-attacks.
Under the proposed plan, the Information Commissioner’s Office (ICO) would be empowered to issue fines of up to £17 million or 4 per cent of global turnover in cases of the most serious data breaches against organisations that fail to implement effective cyber-security measures. Fines would be a last resort, and they would not apply to operators that have assessed the risks adequately, taken appropriate security measures, and engaged with competent authorities but still suffered an attack, the U.K. government stated in a press release.
The plans are being considered as part of a...