UK plans tougher laws to protect public services from cyberattacks

Audio By Carbonatix

Enlarge

LONDON (Reuters) -Britain plans to strengthen its public services’ defences against cyberattacks, requiring companies that provide services to private and public sector organisations such as the National Health Service to meet strict security standards.

In 2024, hackers breached the Ministry of Defence’s payroll system and other recent attacks included one that disrupted over 11,000 NHS medical appointments and procedures.

The proposals also follow a series of cyberattacks in recent months that disrupted some of Britain’s biggest brands, including Marks & Spencer, the Co-op, and Jaguar Land Rover.

Under the proposed laws, medium and large companies providing services such as IT management, help desk support, and cybersecurity to both private and public sector organisations would be regulated, the government said in a statement on Wednesday .

“Because they hold trusted access across government, critical national infrastructure and business networks, they will need to meet clear security duties,” the Department for Science, Innovation and Technology (DSIT) said.

If approved, the proposals would require companies to promptly report significant or potentially significant cyber incidents to both the government and their customers, and to have robust plans in place to manage the consequences.

Regulators would gain new powers to designate critical suppliers to essential services, and there would be tougher penalties for serious breaches, the DSIT said.

The government has also set out plans to ban public sector bodies and operators of critical national infrastructure, including the NHS, local councils and schools, from paying ransom demands to cybercriminals.

(Reporting by Catarina Demony; Editing by Frances Kerry)