In August of last year, the UK government announced plans to start fining businesses for not having cyber security measures in place. Businesses working in services such as energy and transportation would be liable for up to $17 million for failing to have cyber security in place. This seems to be a direct response to the WannaCry attack of last year, as many businesses were exposed and their lack of security features heavily preyed upon during that time.
In May of 2018 these plans will come to fruition as laws. The Department for Digital, Culture, Media and Sport of UK will be partnering with the EU network and Information Systems Directive and will be applying these laws under “grounds of national security; a potential threat to public safety; or the possibility of significant adverse social or economic impact resulting from a disruptive incident.”
For companies that deal with infrastructure as a service, such as data centers, there will be requirements to show there are security measures in place and some sort of a prevention plan.
Sarah Armstrong-Smith, of Fujitsu UK and Ireland, said, “In security we talk about when not if a security breach will occur, but that does not mean organisations should not be taking all the necessary precautions to limit the potential impact of a breach.” We could not agree more! But fines for not having certain measures, or if your infrastructure ends up being vulnerable to a cyber crime?
Being fined for things you don’t have is not uncommon ground. Here in America you receive a hefty fine for not having health insurance or driving an uninsured car. What about being fined for not having cyber security insurance? Could this be the future of America? We’d love to hear your thoughts!
Check out Fibernet’s cyber security services here and see how our Managed Services team can insure your system.