CNI to potentially face £17m fines

The Department for Digital, Culture, Media and Sport (DCMS) today announced a proposal under which businesses that manage critical national infrastructure will face fines of £17m or 4% of their global turnover if they fail to protect themselves against cyber-attacks. This will be separate from the EU GDPR, which is aimed at protecting data rather than services.

Ross Brewer, VP and MD EMEA at LogRhythm, had the following comments: “As we saw with WannaCry recently, the consequences of an attack on our critical national infrastructure are unthinkable. Cybercrime is no longer a game involving hackers manipulating people and computer systems to get their hands on valuable data or money. The stakes are now much higher, with criminals proving they are capable of disrupting services that can effectively cripple an economy, a country’s stability and, worryingly, our lives.

“This initiative is a bold, but much needed step in the fight against cybercrime. With fines as high as those that will be implemented under GDPR, businesses that manage our critical infrastructure will suffer significantly should they fail to implement an effective security strategy with the right people, technology and processes. One weak link in our critical national infrastructure makes us a very vulnerable country.

“If they haven’t already, organisations need to sit up and realise that hackers are motivated and persistent and will do everything and anything to successfully access – and cripple – our networks. Organisations relying heavily on prevention need to realise that this is no longer enough and that they need to invest in the right monitoring, detection and response technologies to help them effectively manage today’s sophisticated threats. As attacks on our infrastructure become more commonplace, businesses need to take these government proposals seriously. The fines are high, and are a reflection of how dangerous today’s cyber criminals are and the threat they pose to our country. Unlike traditional warfare, cyber-attacks are ‘invisible’ and often easy to forget until you become a victim, and they have the potential to be far more catastrophic. To avoid these fines and ensure their services are protected from modern-day and future threats, businesses must have intelligence that gives them deep, consistent visibility across their entire network so hackers can be stopped.”