Cybersecurity laws to be updated to boost UK protection from cyber attacks

Outsourced IT providers will be brought into the scope of cyber regulations, which require strong cybersecurity measures to be in place.

Martyn Landi
Wednesday 30 November 2022 06:35 EST
The UK’s cybersecurity laws will be updated to require outsourced IT providers to meet security standards as part of efforts to better protect supply chains, the Government has announced (NicoElNino/Alamy/PA)
The UK’s cybersecurity laws will be updated to require outsourced IT providers to meet security standards as part of efforts to better protect supply chains, the Government has announced (NicoElNino/Alamy/PA)

Your support helps us to tell the story

From reproductive rights to climate change to Big Tech, The Independent is on the ground when the story is developing. Whether it's investigating the financials of Elon Musk's pro-Trump PAC or producing our latest documentary, 'The A Word', which shines a light on the American women fighting for reproductive rights, we know how important it is to parse out the facts from the messaging.

At such a critical moment in US history, we need reporters on the ground. Your donation allows us to keep sending journalists to speak to both sides of the story.

The Independent is trusted by Americans across the entire political spectrum. And unlike many other quality news outlets, we choose not to lock Americans out of our reporting and analysis with paywalls. We believe quality journalism should be available to everyone, paid for by those who can afford it.

Your support makes all the difference.

The UK’s cybersecurity laws will be updated to require outsourced IT providers to meet security standards as part of efforts to better protect supply chains, the Government has announced.

The Network and Information Systems (NIS) Regulations will be updated so third-party firms providing IT services to businesses will be compelled to have effective cybersecurity measures in place to protect them and their client’s data, with fines for non-compliance.

Those rules already apply to UK companies providing critical services in a range of sectors including energy, water and transport, but will now bring outsourced firms into scope as well.

The decision comes after a consultation and in the wake of increasing levels of cyber attacks targeting critical infrastructure in countries around the world as a way of inflicting substantial damage on entire nations.

The services we rely on for healthcare, water, energy and computing must not be brought to a standstill by criminals and hostile states

Cyber minister Julia Lopez

The Government said it has noted the increase in attacks, which also target supply chains as a way of compromising potentially thousands of organisations at the same time.

Earlier this month, the National Cyber Security Centre (NCSC), part of GCHQ, published its annual review, which said the cyber security threat to the UK has “evolved significantly” over the past year – with 18 cybersecurity incidents requiring a nationally co-ordinated response.

These include attacks on an NHS supplier and a water utility company, it said.

“The services we rely on for healthcare, water, energy and computing must not be brought to a standstill by criminals and hostile states,” cyber minister Julia Lopez said.

“We are strengthening the UK’s cyber laws against digital threats.

“This will better protect our essential and digital services and the outsourced IT providers which keep them running.”

The Government said the updates to the regulations will be made as soon as parliamentary time allows, and will also include measures that require firms to improve cyber incident reporting to regulators.

Thank you for registering

Please refresh the page or navigate to another page on the site to be automatically logged inPlease refresh your browser to be logged in