Substandard cybersecurity practices could cost U.K. organizations upwards of $20 million, or 4 percent of global sales, if they don’t act to help prevent cyberattacks that disrupt transport, health or electricity networks services.
U.K. government officials have proposed the fines as part of an overall initiative to blunt future attacks such as the WannaCry ransomware that bludgeoned the country’s National Health Service, the Guardian reported. That attack took down operations, diverted ambulances and blocked access to patient records. The concern, of course, is that more of the same is to come.
The financial penalties will only be used as a “last resort” if organizations can’t demonstrate that they’ve taken stock of their vulnerabilities and enacted steps to close network loopholes, the report said.
With heightened sensitivities worldwide to cybersecurity attacks, the U.K.’s proposals could act as a testing ground to see if potential fines spur more organizations to assess network weaknesses and design the appropriate fixes. It’s something not only businesses will want to watch closely but also MSSPs as a new avenue worth exploring further.
Proposed penalties for flaws in network and information systems mirror those previously suggested for data protection, the Guardian reported. The initiative is tied to the Network and Information Systems directive set to launch next May and part of a $2.5 billion national cybersecurity program in the U.K.
“We want the UK to be the safest place in the world to live and be online, with our essential services and infrastructure prepared for the increasing risk of cyber-attack and more resilient against other threats such as power failures and environmental hazards,” said Matt Hancock, U.K. digital and culture minister.
According to the Guardian, the U.K.’s Department for Digital, Culture, Media and Sport plans to develop security monitoring, raise staff awareness, set up rapid reporting policies and remediation responses.
It’s not just the WannaCry extortion that pushed officials over the edge. In May, an IT failure at British Airways affected 75,000 travelers and cost the airline more than $100 million. While the airline blamed a power supply problem, the spectre of a cyber attack hovered over the incident, the Guardian reported.
Ciaran Martin, chief executive of the National Cyber Security Centre, said “everyone has a part to play” to help safeguard essential services and businesses from cyber assaults.
“The NCSC is committed to making the U.K. the safest place in the world to live and do business online, but we can’t do this alone,” he said.