Mirage News
Mirage News
World
 Date Time

UK Bolsters Cyber Defences for NHS, Transport, Energy

UK Gov

Proposed new laws will strengthen cyber defences for essential public services like healthcare, drinking water providers, transport and energy.

  • Proposed new laws will strengthen cyber defences for essential public services like healthcare, drinking water providers, transport and energy.
  • UK to be better protected than ever to face down cyber criminals and state-backed actors - delivering strong foundations for the government's Plan for Change.
  • Bolstered protections for the UK economy - with new research showing the annual cost of cyber attacks is almost £15 billion per year.

Hospitals, energy and water supplies and transport networks will be better protected from the threat of cyber-attacks under new laws being introduced in Parliament today (12th November).

Supporting the Plan for Change , the Cyber Security and Resilience Bill strengthens national security and protects growth by boosting cyber protections for the services that people and businesses rely on every day.

In the face of increasing cyber threats, it will prevent disruption - keeping the taps running, the lights on and the UK's transport services moving - while making sure those who supply our vital services have tougher cyber protections.

These proposed laws would cover certain digital and essential services including healthcare, transport, energy and water. Under the proposals:

  • medium and large companies providing services like IT management, IT help desk support and cyber security to private and public sector organisations like the NHS, will also be regulated for the first time. Because they hold trusted access across government, critical national infrastructure and business networks, they will need to meet clear security duties. This includes reporting significant or potentially significant cyber incidents promptly to government and their customers as well as having robust plans in place to deal with the consequences
  • regulators will be given new powers to designate critical suppliers to the UK's essential services such as those providing healthcare diagnostics to the NHS or chemicals to a water firm, where they meet the criteria. This would mean they'd have to meet minimum security requirements - shutting down gaps in supply chains criminals could exploit which could cause wider disruption
  • enforcement will be modernised, including tougher turnover-based penalties for serious breaches so cutting corners is no longer cheaper than doing the right thing. That's because companies providing taxpayer services should make sure they have tough protections in place to keep their systems up and running
  • the Technology Secretary gets new powers to instruct regulators and the organisations they oversee, like NHS trusts and Thames Water, to take specific, proportionate steps to prevent cyber attacks where there is a threat to UK national security. This includes requiring that they beef up their monitoring or isolate high-risk systems to protect and secure essential services

These are areas which could pose huge negative implications for the British economy and public services if targeted. The Office for Budget Responsibility (OBR) estimates that a cyber-attack on critical national infrastructure could temporarily increase borrowing by over £30 billion - equivalent to 1.1% of GDP.

New independent research published today shows the average cost of a significant cyber-attack in the UK is now over £190,000. This amounts to around £14.7 billion a year across the economy - equivalent to 0.5% of the UK's GDP.

Science, Innovation, and Technology Secretary Liz Kendall said:

Cyber security is national security. This legislation will enable us to confront those who would disrupt our way of life. I'm sending them a clear message: the UK is no easy target.

We all know the disruption daily cyber-attacks cause. Our new laws will make the UK more secure against those threats. It will mean fewer cancelled NHS appointments, less disruption to local services and businesses, and a faster national response when threats emerge.

National Cyber Security Centre CEO Dr Richard Horne said:

The real-world impacts of cyber attacks have never been more evident than in recent months, and at the NCSC we continue to work round the clock to empower organisations in the face of rising threats.

As a nation, we must act at pace to improve our digital defences and resilience, and the Cyber Security and Resilience Bill represents a crucial step in better protecting our most critical services.

Cyber security is a shared responsibility and a foundation for prosperity, and so we urge all organisations - no matter how big or small - to follow the advice and guidance available at ncsc.gov.uk and act with the urgency that the risk requires.

National Chief Information Security Officer for Health and Care at Department of Health & Social Care, Phil Huggins said:

The Bill represents a huge opportunity to strengthen cyber security and resilience to protect the safety of the people we care for.

The reforms will make fundamental updates to our approach to addressing the greatest risks and harms, such as new powers to designate critical suppliers.

Working with the healthcare sector, we can drive a step change in cyber maturity and help keep services available, protect data, and maintain trust in our systems in the face of an evolving threat landscape.

Earlier this year, the government published the Cyber Governance Code of Practice setting out clear steps organisations should take to manage digital risks and safeguard their day-to-day operations. Whilst it is for companies to ensure they have proper protections in place, the Bill targets those that will have the maximum impact on improving cyber resilience, bringing the services that retailers, hospitals, councils and others depend on into scope - raising their baseline protects thousands of businesses in the long-term.

Recent cyber-attacks on managed service providers clearly make the case for updated laws. In 2024, hackers accessed the Ministry of Defence's payroll system via a managed service provider, while other recent attacks such as the Synnovis incident in the NHS resulted in over 11,000 disrupted medical appointments and procedures and some estimates suggesting costs of £32.7 million. This brings into sharp focus the impact cyber incidents can have on the public and our essential public services.

Organisations in scope will need to report more harmful cyber incidents to their regulator and the National Cyber Security Centre (NCSC) within 24 hours, with a full report within 72 hours, to ensure support can be on hand more quickly to help build a stronger national picture of cyber threats. If a data centre, or digital and managed service providers face a significant or potentially significant attack, they will have to notify customers which are likely to be impacted promptly so organisations can act fast to protect their business, people and services.

Data centres keep the UK running, from patient records and payments to email services and AI development. The Bill will bring them into scope of the regulations, ensuring they meet robust cyber security standards.

New safeguards will also cover organisations that manage the flow of electricity to smart appliances like electric vehicle charge points and electrical heating appliances in homes. This will reduce the risk of disruption to consumers using smart-energy appliances, and the grid, bolstering the UK's energy security.

The Bill represents a step change in how the government protects people in an increasingly dangerous world, supporting the National Security Strategy.

It will help to deliver greater economic stability, protect businesses and working people from the impact of cyber attacks, and support further investment into the UK's cyber security sector, which contributed £13.2 billion to the economy in the latest financial year.

It follows a recent letter from government ministers including the Technology Secretary, Chancellor and Business Secretary to business leaders and FTSE 350 firms, urging them to strengthen their cyber defences to face down the growing range of threats targeting the UK's leading organisations.

Organisations can make use of the free guidance and tools available from the NCSC - including Cyber Essentials , Active Cyber Defence services , and the Cyber Assessment Framework for the UK's most critical organisations - to help improve their resilience.

Simon Sheeran, Head of Cyber Security Oversight at the UK Civil Aviation Authority said:  

The aviation sector contributes billions of pounds to the UK economy and provides critical national infrastructure.

This Bill will help improve cyber defences essential for maintaining the already very high safety standards in aviation.  

The Civil Aviation Authority protect people and enable aerospace within a global eco-system, and the need for aviation to defend as one is a national imperative.

Jill Popelka, CEO of Darktrace, said:

In an era where cybercriminals move faster, experiment freely, and increasingly leverage AI to their advantage, the Cyber Security and Resilience Bill is an essential piece of legislation. It will improve the UK's defences, enabling businesses and public services to securely harness the opportunities provided by technology and innovation.

We've seen cyber attackers increasingly target supply chains and managed service providers in recent years, including vital institutions like the NHS and the Ministry of Defence. It's promising to see the Bill recognise the risk across the digital ecosystem. It's also good to see the government's focus on future-proofing the regulatory environment for cyber security and creating a stronger role for NCSC's Cyber Assessment Framework. These changes will help give organisations more confidence to adopt new technologies while staying prepared for the next evolution in threats.

Julian David OBE, CEO of techUK, said:

techUK welcomes today's introduction of the Cyber Security and Resilience Bill to Parliament which signals the government's ambition to modernise and future-proof the UK's cyber laws while fostering the resilience that will underpin our economic growth. It marks a significant step forward in prioritising the security of our nation's essential services.  

techUK looks forward to continuing to engage with the government as the Bill makes its way through Parliament, to help ensure that the measures are fit for purpose, practically implementable and can deliver their intended outcomes, protecting the UK from a diverse range of threats and enabling organisations to harness the benefits that technology can offer.

Sarah Walker, Chief Executive, Cisco UK and Ireland

We welcome the government taking action to overhaul the UK's cyber framework with the Cyber Security and Resilience Bill. This is a significant step in securing the UK against ever-increasing cyber threats. Our latest research shows the scale of the challenge ahead; only 8% of UK organisations are classed as 'Mature' in their cybersecurity readiness. As AI reshapes both attack and defence, we need regulation that keeps pace with this changing threat landscape. We are looking forward to collaborating with the UK government and working with our international partners to continue securing the UK's digital economy.

/Public Release. This material from the originating organization/author(s) might be of the point-in-time nature, and edited for clarity, style and length. Mirage.News does not take institutional positions or sides, and all views, positions, and conclusions expressed herein are solely those of the author(s).View in full here.
Tags: , , , , , , , , , , , , , , , ,

You might also like

How Do Bats Navigate the Dark: Unveiling Echolocation
Cognitive Cooking: New Role of AI in Culinary Innovation
Neurocinematics: How Films Influence Brains & Emotions
Caffeine: How Does the World's Most Popular Drug Work?
Why We Can't Make Mars More Like Earth for Living
The Art of Bonsai: Miniature Trees with Immense Beauty