Why is it needed?

In 2024, the NCSC responded to 430 cybersecurity incidents, including 89 it said were rated as “nationally significant.” That included the large ransomware attack on the NHS pathology services provider Synnovis last June that ended up costing an estimated £32.7 million ($42 million) to fix.

“Last year’s cyber attack on a supplier to NHS hospitals in London caused more than 11,000 acute outpatient appointments and elective procedures to be postponed. Some of those people will have waited months to be seen,” said the Secretary of State for the Department for Science, Innovation and Technology, Peter Kyle. “I will not allow this to continue. We must take decisive action to deliver effective and enduring change.”

And this isn’t just a problem for the public sector; last year’s Cyber Security Breaches Survey found that half of UK businesses suffered some form of cyberattack in the last 12 months, equivalent to seven million incidents.

To illustrate the peril, the government pointed out that a hypothetical cyber attack directed at an energy company in the southeast of England could “wipe over £49 billion [$63 billion] from the wider UK economy.”

Putting a lid on this kind of disruption requires legislation to compel providers to act, while offering a target to aim for in terms of compliance.

The full demands of the bill have yet to be revealed. Right now, all that affected organizations know is its general outline and broad scope. When it is published in full, the detail will be pored over at length.

“One of the key announcements is the introduction of MSPs falling into the scope of the regulation. Small and medium sized enterprises depend on managed service providers for every aspect of their IT and their security posture,” said David Ferbrache, managing director of UK technology consultancy Beyond Blue. “Making sure MSPs take security seriously can make a massive difference to those SMEs.”

However, Ferbrache was less sure about the new role given to the ICO as regulator. “The extension of the role of the ICO to regulate a wide range of digital services is a major change in scope. Care will be needed to not create conflicts of interest or distract from their key role as our national data protection authority,” he said.
First seen on csoonline.com
Jump to article: www.csoonline.com/article/3951957/the-uks-cyber-security-and-resilience-bill-will-boost-standards-and-increase-costs.html