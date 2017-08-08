Cyber security experts have welcomed the government’s proposal, believing it will prompt organisations to move away from systems that lack robust cyber security in the face of relentless hackers.

Airlines, electricity firms and broadband providers could face multi-million pound fines if they fail to take measures to prevent cyber attacks that result in major disruption to services, under a government plan to be announced today.

The data protection regulator, the Information Commissioner’s Office (ICO), will also be given more power to defend consumer interests and issue bigger fines, of up to £17m or 4% of global turnover, in cases of the most serious data breaches.

Digital minister Matt Hancock, said: 'We want the United Kingdom to be the safest place in the world to live and be online, with our essential services and infrastructure prepared for the increasing risk of cyber attack and more resilient against other threats such as power failures and environmental hazards'.

A spokesman said: “Fines would be a last resort, and they will not apply to operators that have assessed the risks adequately and taken appropriate security measures”.

Penalties proposed for flaws in network and information systems under the NIS Directive will be similar to those coming for data protection with the General Data Protection Regulation, due to be in force by May 2018.

However, while the GDPR focuses on organisations that lose sensitive data, the government says the NIS Directive focuses on the loss of infrastructure services.

It comes after several major global cyber attacks in recent months, including the WannaCry attack that crippled large parts of the NHS and another major ransomware attack that hit numerous world’s largest firms.

Ciaran Martin, the chief executive of the National Cyber Security Centre said: “The NCSC is committed to making the United Kingdom the safest place in the world to live and do business online, but we can’t do this alone”, he said.

He urged public and private providers to weigh-in on the consultation.

Operators will also need to develop a strategy and policies to understand and manage cyber security risks.