Operators of critical infrastructure in the United Kingdom could face a hefty fine – up to £17 million ($24 million) – if they don’t ensure that their cybersecurity systems are up to par.
TechCrunch reported that companies in energy, transport, water, health and other critical services will need to prove that their cybersecurity systems can fend off attacks, with new regulators being appointed to inspect existing systems and fine those that don't have adequate programs in place.
Some of the requirements for a strong cybersecurity system include “having the right people and organization in place to handle a cyberattack; having the right software in place to protect against attacks; having the right capabilities in place to detect if an attack has taken place anyway; and having the right systems in place to minimize the impact of an attack if a system is breached (despite the other three being in place).”
The regulators won't just be doling out fines, though. They will also assist in setting up stronger cybersecurity systems at the companies that fall short. Fines will be handed out by the Department for Digital, Culture, Media and Sport as “a last resort and will not apply to operators [that] have assessed the risks adequately, taken appropriate security measures and engaged with regulators but still suffered an attack.”
Companies throughout Europe are also facing stricter data protection rules under the General Data Protection Regulation (GDPR), which is set to apply across the 28 member states of the EU as of May 25, 2018.
But a new report released in the U.K. said that companies are unprepared for the deadline: only 38 percent of businesses have even heard of GDPR. Of the businesses that do know about it, a little more than a quarter have made changes in order to comply with the new rules, and fewer than half of those making changes said the changes include cybersecurity-related initiatives.