Skip to content
City PM
  • Germany
  • France
  • Europe
  • Markets
  • Business
  • Opinion
  • DE
  • Germany
  • France
  • Europe
  • Markets
  • Business
  • Opinion
  • DE
Wednesday 19 January 2022 3:16 pm

New laws proposed to strengthen UK’s fight against cyber crime

By: Leah Montebello

Add as a preferred source on Google

New laws are needed to drive up security standards in outsourced IT services used by almost all UK businesses, the government has said this afternoon.

To make the UK more secure and help prevent these types of attacks the government is aiming, through new legislation, to take a stronger approach to getting at-risk businesses to improve their cyber resilience as part of its new £2.6bn National Cyber Strategy.

Network and Information Systems (NIS) Regulations came into force in 2018 to improve the cyber security of companies which provide essential services such as water, energy, transport, healthcare and digital infrastructure. Organisations which fail to put in place effective cyber security measures can be fined as much as £17m.

The NIS regulations require essential service providers to undertake risk assessments and put in place reasonable and proportionate security measures to protect their network. They have to report significant incidents and have plans to ensure they quickly recover from them.

While the regulations apply to some digital services such as online marketplaces, online search engines and cloud computing, there has been an increase in the use and dependence on digital services for providing corporate needs such as information storage, data processing and running software.

Research by the Department for Digital, Culture, Media and Sport has revealed that only 12 per cent of organisations review the cyber security risks coming from their immediate suppliers and only one in twenty firms address the vulnerabilities in their wider supply chain.

The government has therefore launched a consultation this afternoon to amend the NIS regulations, which include expanding NIS Regulations’ scope, requiring large companies to provide better cyber incident reporting to regulators such as Ofcom, Ofgem and the ICO, as well as a number of other measures.

The government have also said that that The UK Cyber Security Council, which regulates the cyber security profession, needs powers to raise the bar and create a set of agreed qualifications and certifications so those working in cyber security can prove they are properly equipped to protect businesses online.

The plans follow recent high-profile cyber incidents such as the cyber attack on SolarWinds and on Microsoft Exchange Servers which showed vulnerabilities in the third-party products and services used by businesses can be exploited by cybercriminals and hostile states, affecting hundreds of thousands of organisations at the same time.

They also follow an increase in ransomware threats to organisations, including some in critical national infrastructure such as the Colonial Pipeline attack in the US.

Minister of State for Media, Data, and Digital Infrastructure, Julia Lopez, said:

Cyber attacks are often made possible because criminals and hostile states cynically exploit vulnerabilities in businesses’ digital supply chains and outsourced IT services that could be fixed or patched.

The plans we are announcing today will help protect essential services and our wider economy from cyber threats

Every UK organisation must take their cyber resilience seriously as we strive to grow, innovate and protect people online. It is not an optional extra.

Read more

‘Act now’: AI models capable of attacks on governments months away, Five Eyes warn

GettyImages 158774123 showcases a relevant business meeting scene, highlighting diverse professionals engaged in discussion.

Share this article

  • Facebook
  • X
  • LinkedIn
  • WhatsApp
  • Email

Similarly tagged content:

Sections

  • News

Categories

  • Business
  • Politics

Related Topics

  • Cybercrime

Trending Articles

  • Billionaire Easyjet founder in line for £800m payday from takeover

  • The former African gold miner taking on the billionaire Issa brothers

  • Tesco ‘in talks’ to exit eastern Europe

  • Pension pressure to help swell UK debt to three times size of economy

  • As it happened: FTSE 100 slump as oil soars; Trump says Iran will be ‘hit hard’ tonight

More from City PM

  • ‘Act now’: AI models capable of attacks on governments months away, Five Eyes warn

    Tech
    GettyImages 158774123 showcases a relevant business meeting scene, highlighting diverse professionals engaged in discussion.
  • Gambit Cyber Launches Vizier AI – An Autonomous Security Intelligence Workspace for Continuous Exposure Management

    Business Wire
  • The Debate: Should CEOs be held personally accountable for cyberattacks?

    Opinion
    Evil-looking keyboard symbolizing cybersecurity threats and hacking risks in a digital landscape.
  • Yubico Joins European Cyber Security Organisation (ECSO)

    Business Wire
  • Professional services firms the ‘flavour of the month’ for cyberattacks

    Prof Services
    The ICO said it initially planned to fine Capita a total of £45m, but this was later reduced by “mitigating factors”
  • Jaguar Land Rover eyes cost-cutting and wealthy buyers in cyber attack recovery

    Retail
    JLR logo prominently displayed in an automotive business setting, highlighting the companys brand presence and identity
  • M&S to face shareholder grilling over cyber attack recovery

    Retail
    Marks and Spencer was one of three UK retailers to be targeted
  • Neo4j Acquires GraphAware to Launch Intelligence Analysis Alternative to Palantir Gotham

    Business Wire

City PM — European politics, business and analysis.

Europe

  • Germany
  • France
  • Europe
  • UK & Ireland

Topics

  • Business
  • Markets
  • AI
  • Technology
  • Opinion
  • Energy

More

  • Politics
  • Economics
  • Fintech
  • Legal
  • Sport
  • Life

Company

  • About City PM
  • Editorial Policy
  • Corrections
  • Contact
  • Terms of Use
  • Privacy Policy
  • Cookie Policy
© 2026 City PM · Published by CityPM Media, Bahnhofstrasse 65, 8001 Zürich, Switzerland
About · Editorial Policy · Corrections · Contact · Privacy · Facebook