IT service providers and data centres will be forced to bolster their cybersecurity systems under new government plans to shore up digital infrastructure against rising threats.
The Cyber Security Resilience Bill will require businesses providing digital services to government departments and the wider economy to meet stricter security measures amid widespread cyber-attacks.
Figures from the Department for Science, Innovation and Technology (DSIT) reveal that cyber threats have cost the British economy close to £22bn a year between 2015 and 2019 and disrupt vital services.
This was seen last year when a cyber-attack against Synnovis, a key service provider for the NHS, cost an estimated £32.7m and caused thousands of missed appointments. Similar recent attacks have hit Transport for London (TfL) and the British Library.
Under the new bill, which will be introduced to parliament later this year, data centres, managed service providers will have to improve risk assessment measures and data protection defences.
The proposal would also give regulators more power in monitoring the cyber defences of critical service providers, with the requirement that companies report more incidents to build a clearer picture of cyber threats.
The bill would also grant powers to Tech Secretary Peter Kyle to direct regulated organisations to adjust cyber defences.
“Economic growth is the cornerstone of our Plan for Change and ensuring the security of the vital services which will deliver that growth is non-negotiable,” said Kyle.
“Attempts to disrupt our way of life and attack our digital economy are only gathering pace, and we will not stand by as these incidents hold our future prosperity hostage.”
A survey published last year by DSIT found that in the 12 months preceding April 2024 half of businesses reported experiencing some form of cyber security breach or attack.
This rose to 70% for medium-sized businesses and 74% for large businesses.
The Cyber Security and Resilience Bill is a landmark moment that will ensure we can improve the cyber defences of the critical services on which we rely every day, such as water, power and healthcare,” said Richard Horne, CEO of the National Cyber Security Centre (NCSC).
“It is a pivotal step toward stronger, more dynamic regulation, one that not only keeps up with emerging threats but also makes it as challenging as possible for our adversaries.”
The announcement follows new guidance issued by the NCSC in March, urging firms to start preparing now for quantum computing-powered cyber threats, expected by the agency to be a serious concern within the next 10 years.
Register for Free
Bookmark your favorite posts, get daily updates, and enjoy an ad-reduced experience.
Already have an account? Log in
