Government warns critical industry firms to increase cybersecurity

New fines for OESs

The government has today released more information on the NIS Directive (Network and Information Systems), which aims to achieve a common level of network and information systems security across the EU. These changes set new rules and apply to Operators of Essential Services (OESs).

The government has warned businesses in the most critical industries to boost their cybersecurity. Otherwise, they risk receiving big fines for leaving themselves vulnerable to an attack.

Firms that fail to have robust security against cyber-attacks risk being fined up to £17 million or 4% of global turnover. This applies if they operate in the energy, water and health sectors. These fines will be backed up by many new measures that firms need to comply with.

Operators will be required to develop a strategy to understand and manage risks to their online infrastructure as well as to implement security measures to prevent attacks or system failures. These will include measures to detect attacks and to help staff understand the risks through training.

This is part of the government's National Cyber Security Strategy (NCSS), a five-year plan announced in November 2016 and supported by £1.9 billion of investment, set to make the UK one of the safest places to operate online.

The penalties are pretty much the same as those being implemented in May of this year with the GDPR, so it seems our government is getting serious about cybersecurity in business.

Do you need help complying with these conditions? CounterHack can help you!