New UK laws target hackers after NHS and MOD breaches

New UK legislation cracks down on hackers following major breaches of the NHS and Ministry of Defence — with tougher penalties and expanded cybercrime powers.

Britain is preparing to roll out tougher cyber defence rules for companies supplying technology and digital support to public services, following a wave of damaging online attacks that hit major institutions and brands, Reuters reports.

The move aims to safeguard sensitive networks such as the National Health Service (NHS) and government departments, which have faced repeated cyber intrusions in recent years.

Recent breaches

Earlier this year, hackers infiltrated the Ministry of Defence’s payroll system, exposing sensitive data. Another cyberattack caused the cancellation or delay of more than 11,000 NHS appointments and procedures.

The new proposals come after a string of incidents affecting major UK companies including Marks & Spencer, the Co-op, and Jaguar Land Rover, raising alarm over the country’s vulnerability to large-scale data breaches.

New legal requirements

Under the planned legislation, medium and large firms providing services like IT management, help desk support, and cybersecurity to public and private sector clients would face regulation for the first time, according to a government statement released on Wednesday.

“Because they hold trusted access across government, critical national infrastructure and business networks, they will need to meet clear security duties,” the Department for Science, Innovation and Technology (DSIT) said.

Incident reporting and penalties

If passed, the rules would compel companies to swiftly report significant or potentially significant cyber incidents to both government agencies and affected clients. They would also be required to demonstrate robust response plans to contain and mitigate breaches.

Regulators would be granted authority to classify certain suppliers as “critical” to essential services, giving the regulators oversight and enforcement powers over them. The DSIT said that serious non-compliance could lead to tougher financial penalties.

Ban on ransom payments

In a further step, the government outlined plans to prohibit public sector organisations and operators of critical national infrastructure—including hospitals, councils, and schools—from paying ransom demands to cybercriminals.

The policy aims to discourage ransom-based attacks, which officials say can embolden hackers and create long-term risks to public safety and trust in essential services.

Sources: Reuters

This article is made and published by Noah Romsdal Hallundbæk Sørensen, who may have used AI in the preparation
