August saw the UK government warn companies that they could face fines of up to £17m – or four percent of annual turnover – if they do not have adequate cyber security measures in place. The proposals were aimed at critical national infrastructure companies, but an IT and communications expert says it serves as a caution to all businesses that neglecting cyber security and leaving the UK open to cyber threats will not be tolerated.
Utility companies, healthcare and transport are some of the key sectors being targeted by the government's proposals, in a bid to prevent major disruption to these services should a cyberattack strike. They come following the spread of the WannaCry ransomware attack that crippled the National Health Service (NHS) during May this year.
According to corporate and insurance law firm RPC, ransomware is now the most likely cyber-threat to UK businesses. It claims 25 percent of all major cyberattacks involve an attempt to get businesses to pay a ransom to retrieve their data.
Simon Ahearne, managing director of Swansea-based SA1 Solutions, suggests that investing in software that makes it difficult for hackers to reach a company's data is only one way to prevent a cyberattack. Investment in awareness training for employees should also be prioritised, so staff know what to look out for should a threat be presented.
“These proposals come as no surprise as the UK looks to clamp down on the rising cyberattacks we've been hit with of late. Businesses need to realise that these fines are a preventative measure. A company could lose significant amounts of money should they fall victim to an attack, and that potentially puts the data of others in jeopardy. It's irresponsible to not have appropriate cyber security measures in place, so a fine should be imposed.
“Fines have also been outlined for lesser offences, such as failing to report an incident or to cooperate with the relevant authority. This shows a clear need for staff to be educated about what to do and what not to do to prevent a cyberattack, as well as how to respond if the worst were to happen. Simply opening an email attachment from an unknown sender can send a network into lockdown, but it still happens because employees aren't informed enough to be vigilant.”
SA1 Solutions specialises in helping businesses manage their data and protect their networks from security threats, and provides a disaster recovery service to respond promptly to security breaches. The company is a leading managed service provider based in South Wales, offering services to over 200 customers across the UK.
The government's proposals form part of its plans to implement the Security of Network and Information Systems Directive (NIS Directive). The consultation on the proposals recently came to a close (30 September), with the government due to issue a formal response in coming weeks.