The government is moving ahead with its plans to extend the UK’s Network and Information Systems (NIS) regulations of 2018 to MSPs and strengthen the UK’s vital supply chains.
The update aims to improve the cybersecurity of firms providing critical services such as healthcare, water, energy and computing, supported by a £17m fine if they fail to effectively implement security measures.
The government said high-profile attacks such as Operation CloudHopper, which targeted MSPs and compromised thousands of organisations, have shown the “UK’s cyber laws need to be strengthened to continue to protect vital services and the supply chains they rely on.”
UK Cyber Minister Julia Lopez said: “The services we rely on for health care, water, energy and computing must not be brought to a standstill by criminals and hostile states. We are strengthening the U.K.’s cyber laws against digital threats. This will better protect our essential and digital services and the outsourced IT providers which keep them running.”
Other changes include requiring essential and digital services to improve cyber-incident reporting to national regulators such as the Ofcom, Ofgem and the ICO.
This will include notifying regulators of a wider range of incidents that disrupt service or which could have a high risk or impact to their service even if they are not disruptive.