UK mulling massive fines to critical infrastructure at risk of cyberattacks

A United Kingdom regulatory body is considering fines up to $22 million or four percent of global revenue to critical infrastructure with poor cybersecurity. 

The fines would be a “last resort” for companies failing to protect electricity, transport, water, energy, transport, health and digital infrastructure, according to a press release from the Department for Digital, Culture, Media and Sport on Tuesday. 

{mosads}”We want the UK to be the safest place in the world to live and be online, with our essential services and infrastructure prepared for the increasing risk of cyberattack and more resilient against other threats such as power failures and environmental hazards,” said U.K. Minister for Digital Matt Hancock. 

The fines would stem from Britain’s enactment of loss of service protections in European Union’s soon-to-be-enacted General Data Protection Regulations (GDPR). The proposal is up for public comment, with responses due by September. 

The press release stresses that fines would only be applied to companies without basic cybersecurity measures. “Any operator which takes cyber security seriously should already have such measures in place,” it reads.