The UK government has warned that businesses could face fines of up to £17m or 4% of global turnover for failing to take measures to prevent cyber-attacks.
The Department for Digital, Culture, Media and Sport says it wants to see firms develop security monitoring, raise staff awareness, ensure that incidents are reported immediately, and have plans for recovery after an attack.
The proposals are designed to safeguard essential services such as transport, health, energy and water firms. They are being considered as part of a consultation launched to decide how to implement the Network and Information Systems (NIS) Directive from May 2018.
The NIS Directive will form an important part of the government’s five-year £1.9 billion National Cyber Security Strategy.
Earlier this year the UK was one of 150 countries to be affected by the WannaCry cyber virus, which disrupted NHS services across England and Scotland.
The threat to private firms has also grown. According to a recent government survey, 46% of British businesses identified at least one cyber-attack or data breach in the past year.
Research has also revealed that more than 80 per cent of people do not feel like they have complete control over their data online.
Digital Minister Matt Hancock, who is launching a consultation on the proposals, said:
“We want the UK to be the safest place in the world to live and be online, with our essential services and infrastructure prepared for the increasing risk of cyber-attack and more resilient against other threats such as power failures and environmental hazards.”
Ciaran Martin, chief executive of the National Cyber Security Centre (NCSC), said:
“We welcome this consultation and agree that many organisations need to do more to increase their cyber security.
“The NCSC is committed to making the UK the safest place in the world to live and do business online, but we can’t do this alone.”