UK organisations could face huge fines for cyber security failures


British organisations could face fines of up to £17m, or 4% of global turnover, if they fail to take measures to prevent cyber-attacks that could result in major disruption to services such as transport, health or electricity networks.

But the proposals, which are being considered as part of a government consultation launched on Tuesday, say that financial penalties will be used as a “last resort” and not applied if organisations facing an attack can prove they assessed the risks adequately.

The move comes after the NHS became the highest-profile victim of a global ransomware attack, which resulted in operations being cancelled, ambulances being diverted and patient records being made unavailable.

The coordinated attack, which infected a large number of computers across the health service, was linked to the WannaCry malicious software.

The issue came to the fore again after a major IT failure at British Airways left 75,000 passengers stranded and cost the airline £80m – although the company blamed a power supply issue rather than a cyber-attack.

Source: the Guardian.