Stay up to date with notifications from The Independent

Notifications can be managed in browser preferences.

New laws proposed to boost UK business cyber security

Government proposals would see more firms required to put better cyber security measures in place.

Martyn Landi
Wednesday 19 January 2022 12:19 EST
(PA)
(PA) (PA Wire)

Your support helps us to tell the story

From reproductive rights to climate change to Big Tech, The Independent is on the ground when the story is developing. Whether it's investigating the financials of Elon Musk's pro-Trump PAC or producing our latest documentary, 'The A Word', which shines a light on the American women fighting for reproductive rights, we know how important it is to parse out the facts from the messaging.

At such a critical moment in US history, we need reporters on the ground. Your donation allows us to keep sending journalists to speak to both sides of the story.

The Independent is trusted by Americans across the entire political spectrum. And unlike many other quality news outlets, we choose not to lock Americans out of our reporting and analysis with paywalls. We believe quality journalism should be available to everyone, paid for by those who can afford it.

Your support makes all the difference.

New laws have been proposed that would help boost the UK’s resilience from cyber attack, following a rise in incidents targeting national infrastructure around the world.

The Department for Digital, Culture, Media and Sport (DCMS) has unveiled plans to bolster security standards across the country, including improving the way firms report cyber security incidents and setting new qualification standards for those working in the sector to ensure they’re properly equipped to do so.

The plans come in response to a number of recent high-profile cyber incidents, including the SolarWinds and Microsoft Exchange Servers attacks, which used vulnerabilities in third-party products used by businesses to impact thousands of businesses around the world.

Under its proposals, the Government said it wants to update the Network and Information systems (NIS) Regulations – which came into force in 2018 to improve the cyber security of companies that provide essential services such as water, energy, transport and healthcare by requiring them to put in place effective security measures.

The new laws would widen the regulations to include more third-party digital services, while the Government has also proposed requiring large firms to provide better cyber incident reports to regulators – including making it a requirement to notify them of any cyber attack they suffer, not just those which impact their services.

“Cyber attacks are often made possible because criminals and hostile states cynically exploit vulnerabilities in businesses’ digital supply chains and outsourced IT services that could be fixed or patched,” media, data and digital infrastructure minister, Julia Lopez, said.

“The plans we are announcing today will help protect essential services and our wider economy from cyber threats.

“Every UK organisation must take their cyber resilience seriously as we strive to grow, innovate and protect people online.

“It is not an optional extra.”

Thank you for registering

Please refresh the page or navigate to another page on the site to be automatically logged inPlease refresh your browser to be logged in