UK introduces new cyber law to combat £14.7B annual economy hit from cyberattacks

The UK government plans to introduce the Cyber Security and Resilience Bill on Wednesday to strengthen the country’s defenses against disruptive cyberattacks that have put pressure on the British economy.

This comes amid calls for British businesses to take concrete action to protect themselves from cyberattacks, as the number of nationally significant incidents spikes.

Research indicates cyberattacks cost the UK economy around £14.7 billion a year, or 0.5% of the country’s GDP. The bill’s rules could apply to up to 1,000 companies, officials say. The legislation will focus on critical sectors, including healthcare, energy, transportation, water, and digital supply chains. 

Cyberattacks have spiked by 50% in the past year, and the UK’s security services are now dealing with a new nationally significant attack more than every other day, figures from the National Cyber Security Centre (NCSC) have revealed.

New bill promises stricter cyber regulations

The new law will apply to medium and large companies that provide IT or digital services to the public sector and critical infrastructure. This includes suppliers to the NHS, energy companies, and transport networks.

Regulators will be able to designate certain companies as “critical suppliers” and ensure they meet basic cybersecurity standards. Companies that fail to comply may face fines or other penalties.

Richard Horne, the National Cyber Security Centre’s chief executive, said the new bill was a welcome development, noting that the real-world consequences of cyberattacks have been more evident in recent months than ever before.

In August, Jaguar Land Rover fell victim to a massive cyberattack that disrupted its production lines, forcing the company to halt car production for several weeks. The attackers are said to have been attempting to sow widespread operational disruption and long-term damage at one of Britain’s highest-profile automotive brands.

Although the company’s security team was able to contain the breach before it became as damaging as intended, the full impact of its consequences is impossible to ignore. Production was suspended for over a month, and the delay is estimated to have cost the UK economy approximately £1.9 billion.

The new act aims to broaden the scope and encompass a wider range of service providers, as well as IT vendors. It depends on rapid reporting of cyber events and strong reactive investigations.

Regulators will have more power to address risks before they become attacks. The law is designed to protect essential public services. It highlights the responsibilities of companies that utilize managed service providers (MSPs), which attackers frequently target to gain access to multiple organizations. The bill would require these suppliers to meet strict cybersecurity standards.

Businesses react as cyber rules take effect

The NCSC has been on call to counter cyber threats and bolster the UK’s digital resilience. Helping organizations strengthen their defenses is part of the government’s plan to deliver national renewal, focused on security, opportunity, and accountability.

The new bill has been described as a “step-change” in how the UK deals with cyber risks by industry leaders. Some have worried about the expense of compliance and enforcement ambiguities.

The bill is now before Parliament, where it will be scrutinized and debated by lawmakers, who may seek to amend it. If the amendments are approved, it would be one of the most powerful cyber laws seen in the UK for years.

Companies are already being warned to prepare by auditing their IT supply chains, updating incident response plans, and determining whether the new rules apply to them. Ministers hope the legislation will help protect the UK’s digital economy and critical infrastructure from cyberattacks.

Get up to $30,050 in trading rewards when you join Bybit today