Businesses and service providers who do not set up proper cyber-security measures could face £17 million fines under new Government proposals announced today.
The measures, partly in response to the crippling NHS cyber-security attacks of earlier this year, would affect energy, transport and health providers.
The suggested fines - a maximum of either £17m or 4 per cent of global turnover - are aimed at stopping hackers crippling vital infrastructure.
They would not apply to operators who had followed proper procedures but still suffered an attack, the Department for Digital, Culture, Media and Sport (DCMS) said.
Measures will include monitoring threats and detecting attacks, good staff training, and having quick-recovery systems in place.
The plans are part of a consultation launched by the DCMS on Tuesday with the aim of launching the Network and Information Systems (NIS) directive from May 2018.
Minister for Digital Matt Hancock said: "We want the UK to be the safest place in the world to live and be online, with our essential services and infrastructure prepared for the increasing risk of cyber attack and more resilient against other threats such as power failures and environmental hazards."
He urged public and private providers to weigh-in on the consultation.
The measures are about loss of service and not data, which is covered under General Data Protection Regulations.
Subscribe to Independent Premium to bookmark this article
Want to bookmark your favourite articles and stories to read or reference later? Start your Independent Premium subscription today.
Join our commenting forum
Join thought-provoking conversations, follow other Independent readers and see their replies