Corporate cybersecurity in the UK will no longer matter only for preventing data loss: multimillion-pound fines await companies that fail to protect their business from online threats.
The British government said that it would impose penalties of up to £17 million on companies that lack cybersecurity resources. This means that an efficient financial or human resource database management system will be more necessary than ever, or companies risk paying a steep amount for non-compliance.
The government announced the new regulation in August 2017. Former Digital Minister Matt Hancock described it as a last-ditch effort to make sure companies are prepared to handle cyber-attacks. Regulators expect the energy, healthcare, transportation and water industries to have the highest level of protection, although that does not mean other sectors’ efforts should be a notch below those of these industries.
The new rule will take effect on May 10. Ciaran Martin, head of the National Cyber Security Centre, said that the public and private sectors should work together to prevent a major cyber-attack in the future, which is a matter of “when” and not “if.”
A category one (C1) cyber-attack involves major damage to energy infrastructure and financial services, among other disruptions. The UK has avoided this kind of threat over the last 15 months, but only because of pure luck, according to Martin.
C1 attacks have already occurred in France and other parts of Europe, which indicates that the UK will likely be the next victim eventually. Martin expects a C1-level cyber-attack to happen in the country sometime in the next two years.
Cybersecurity is becoming more relevant as many companies now rely on digital infrastructure. As a result, many criminals have found an opportunity to exploit the vulnerabilities of businesses and industries to make money or push their own agenda.