Transport, water, energy and health businesses in Britain could be fined as much as £17 million ($23.9 million) if they don't have the "most robust" safeguards in place against cyber-attacks.
In an announcement Sunday, the U.K. government said that a "simple" and straightforward system would be created to make it easy for businesses to report both IT failures and cyber breaches.
Fines will be issued as a last resort, the government said, and will not apply to organizations deemed to have adequately assessed the risks, taken sufficient security measures and engaged with regulators.
The National Cyber Security Centre (NCSC) has published guidance — based around 14 key principles — on what organizations need to do to comply with the new system. The new rules relate to the implementation of the Network and Information Systems Directive, which will apply from May 2018.
"We want our essential services and infrastructure to be primed and ready to tackle cyber attacks and be resilient against major disruption to services," Margot James, the minister for digital and the creative industries, said in a statement. "I encourage all public and private operators in these essential sectors to take action now and consult NCSC's advice on how they can improve their cyber security."
NCSC CEO Ciaran Martin said the new guidelines would give "clear advice" on what organizations had to do to implement what he described as essential cyber security measures. "Network and information systems give critical support to everyday activities, so it is absolutely vital that they are as secure as possible," he added.
As the world becomes increasingly interconnected, the issue of cyber security is becoming more and more important. In 2017, a significant ransomware attack, WannaCry, hit 300,000 computers in 150 countries, according to authorities. In the U.K., dozens of National Health Service trusts were caught up in the incident.