Multimillion-pound fines will be dealt to organisations without strong cybersecurity measures under new Government proposals.
Energy, transport and health providers are among the operators of essential infrastructure facing fines of up to £17m – or 4% of global turnover.
The suggested fines are aimed at preventing hackers from crippling networks, as happened earlier in the summer with NHS systems.
Measures will include monitoring threats and detecting attacks, good staff training, and having quick recovery systems in place.
Image: NHS computers were left crippled by a ransomware attack in May. Pic: HSJ
The plans are part of a consultation launched by the Department for Digital, Culture, Media and Sport (DCMS) on Tuesday.
It is hoped the Network and Information Systems (NIS) directive will be launched from May 2018.
Minister for digital Matt Hancock said: “We want the UK to be the safest place in the world to live and be online, with our essential services and infrastructure prepared for the increasing risk of cyber attack and more resilient against other threats such as power failures and environmental hazards.”
He urged public and private providers to weigh in on the consultation.
The measures concern loss of service, not loss of data, which is covered under the General Data Protection Regulation.