by supplychainreport
The UK government has formally introduced the Cyber Security and Resilience Bill to Parliament, aimed at enhancing the country’s defences against growing cyber threats. The Bill, presented for its first reading, proposes updates to the existing Network and Information Systems (NIS) Regulations 2018, focusing on protecting essential and digital services.
The legislation targets key sectors including healthcare, energy, water, and transport, with the goal of reducing risks of service disruption by strengthening cyber protections for organisations that underpin daily life and economic activity. Recent reports indicate that the UK faces an average of four major cyberattacks per week, highlighting the need for robust cyber resilience measures.
Under the proposed laws, medium and large companies providing IT management, help desk support, and cyber security services to public and private organisations would be regulated for the first time. These firms, often trusted with access to critical infrastructure and government networks, would be required to maintain strong incident response plans and promptly report significant cyber incidents.
Regulators would also gain authority to designate suppliers as critical to essential services, such as providers of healthcare diagnostics or chemical supplies to utilities. Designated suppliers would need to meet minimum security standards to address vulnerabilities in supply chains that could be exploited by cyber actors.
The insurance sector reflects the growing cyber threat landscape. Over the past year, UK cyber insurance claims surged by 230%, with ransomware attacks a major contributor. Financial and professional services have been particularly impacted, highlighting the rising operational and financial risks of cyber incidents.
Modernising the Cyber Risk Framework
The Bill includes measures to modernise enforcement, with stricter penalties for serious breaches based on company turnover. The Technology Secretary would gain powers to direct regulators and organisations, such as NHS trusts and utility providers, to take specific actions to prevent attacks when threats are identified.
The Office for Budget Responsibility estimates that a cyber incident affecting critical infrastructure could temporarily increase government borrowing by over £30 billion. Independent research suggests that the average cost of a significant cyber-attack in the UK now exceeds £190,000 per incident, totalling approximately £14.7 billion annually.
Science, Innovation, and Technology Secretary Liz Kendall stated, “Cyber security is national security. This legislation will enable us to confront those who would disrupt our way of life. I’m sending them a clear message: the UK is no easy target.” She added that the Bill would help reduce disruption to NHS appointments, local services, and businesses while enabling a faster national response to emerging threats.
Dr Richard Horne, CEO of the National Cyber Security Centre, described the Bill as “a crucial step in better protecting our most critical services” and emphasised that cyber security is a shared responsibility, urging organisations to follow official guidance and act with urgency.