Firms lacking strong cyber-security could face fines up to £17m in new proposals

Updated: 

Organisations without strong cyber-security measures could be fined up to £17 million - or 4% of global turnover - under new Government proposals.

Energy, transport and health providers are among essential infrastructures that could be targeted under the planned crackdown.

The suggested fines are aimed at preventing hackers from crippling networks and will also cover issues like power failures and environmental risks.

They would not apply to operators who had followed proper procedures but still suffered an attack, the Department for Digital, Culture, Media and Sport (DCMS) said.

Measures will include monitoring threats and detecting attacks, good staff training, and having quick-recovery systems in place.

The plans are part of a consultation launched by the DCMS on Tuesday with the aim of launching the Network and Information Systems (NIS) directive from May 2018.

Minister for Digital Matt Hancock said: "We want the UK to be the safest place in the world to live and be online, with our essential services and infrastructure prepared for the increasing risk of cyber attack and more resilient against other threats such as power failures and environmental hazards."

He urged public and private providers to weigh-in on the consultation.

The measures are about loss of service and not data, which is covered under General Data Protection Regulations.