Risk Management Consultancy Assent review recent announcements from UK Digital Minister Matt Hancock:
As Digital Minister Matt Hancock announces the expected Data Protection Bill, which sets out the UK’s approach to the European General Data Protection Regulation (GDPR), a separate consultation has been published on plans to force organisations to demonstrate they have plans in place to cover power failures and environmental disasters.
Network and Information Systems (NIS) directive
It’s part of a move towards implementing the European Network and Information Systems (NIS) directive, which focuses on protecting services, rather than personal data.
The Network and Information Systems (NIS) directive also comes into effect in May 2018.
Resilient Network Services
Building resilience into network services is essential to modern economies and many of the companies we rely on can be disrupted by a network outage.
Recent examples include the cyber attack which affected the NHS and the power failure which caused long delays and disruption for British Airways passengers.
Cyber Attacks are Increasing
As this visual representation of the data shows, breaches of over 30,000 records were sparse just 10 years ago, but today the chart is crowded with large numbers of compromised records and high-profile attacks.
World’s Biggest Data Breaches: http://www.informationisbeautiful.net/visualizations/worlds-biggest-data-breaches-hacks/
Organisations of All Sizes Need a Cyber Strategy
While the Network and Information Systems (NIS) directive will have caught the attention of major infrastructure providers and large corporations, companies of all sizes should be prepared for a Cyber Attack that could affect their business and customers.
A first step might be to implement Cyber Essentials, a scheme recognised by the government, which ensures a basic level of IT security.
Creating a Business Continuity Plan that considers the threats to your business and how you can overcome them is also a useful exercise to undertake.
More data-heavy companies could turn to ISO 27001, the international standard for information security, which takes a risk-based approach to managing information security.
Making the UK “the safest place in the world to live and be online”
We all play a part in building the UK’s tech resilience, and the legislative burden on organisations that process personal data or provide essential network and information services is set to increase.
Likewise, the penalties for failing to comply with new legislation are also going up, with the biggest offences under GDPR attracting a fine of up to £17 million or 4% of a company’s turnover.
The UK Government’s Consultation on the Security of Network and Information Systems Directive closes 30th September 2017. See the details here: https://www.gov.uk/government/consultations/consultation-on-the-security-of-network-and-information-systems-directive
- UK data protection laws to be overhauled, BBC News, 07/08/17: http://www.bbc.co.uk/news/technology-40826062
- Firms face £17m fine if they fail to protect against hackers, BBC News, 07/08/17: http://www.bbc.co.uk/news/business-40857219
- Data Protection Bill: How will the new laws affect you?, The Telegraph: http://www.telegraph.co.uk/technology/0/data-protection-bill-will-new-laws-affect/