- New Cyber Security Bill looks to offer UK infrastructure extra protection
- New bill will cover over 1,000 service providers
- UK government continues push to encourage digital innovation
The UK Government has set out new plans to reinforce digital critical infrastructure and protect public services.
The Department for Science, Innovation, and Technology has announced its new Cyber Security Bill, which it says will provide “essential IT services” to public infrastructure in order to make them a less attractive target for cyber criminals.
The news comes alongside concerns from top security officials who warn that Britain is “shockingly vulnerable” to cyberattacks, the Telegraph reports. In particular, critical infrastructure like the NHS and national power grid use third-party vendors which aren’t subject to the same security rules as large public institutions.
Costly threats
Third-party vendors are the intrusion point for a significant number of attacks, accounting for a conservative estimate of over a third of all breaches in 2024.
Vendors are often smaller companies who don’t have the same cybersecurity budgets, and can be a weak point exploited by attackers.
Cyber threats cost the British economy almost £22 billion per year, research suggests - and cause significant disruptions to public services and businesses.
The NHS has suffered multiple attacks in recent years, and some hospitals have even been forced to declare major incidents thanks to intrusions.
The new bill will cover over 1,000 service providers, and aims to give the British public confidence in digital services and support the “Government’s mission to kickstart economic growth.”
Many digital firms have welcomed the Bill, although some say it does not go far enough. Carla Baker, Senior Director of Government Affairs UK&I at Palo Alto Networks comments that “the government could go further to protect the UK by including the public sector in the scope of the legislation,” pointing to legacy IT systems and outdated tech leaving sectors vulnerable.
“The government can no longer afford to sit on the sidelines and solely focus on pushing security obligations onto industry. Recent high profile public sector cyber attacks have demonstrated exactly why the government must do more to enhance its own resilience and lead by example. The time to act is now.”
You might also like
You must confirm your public display name before commenting
Please logout and then login again, you will then be prompted to enter your display name.
