Organisations that supply “essential” services, but which fail to implement “effective” cyber-security measures, could be fined as much as £17m (U.S.$22m) or 4 percent of global turnover as part of plans to make the United Kingdom “safe, secure and resilient” from cyber-attacks.
The plans are being considered as part of a consultation launched on 8 August by the Department for Digital, Culture, Media, and Sport to decide how to implement the European Union’s Network and Information Systems (NIS) Directive from May 2018. The directive is aimed at ensuring that essential services are able to minimise disruption caused by cyber-threats, as well as power and hardware failures, and environmental hazards. The consultation closes on 30 September.

