Cyber attacks are a serious and growing threat to UK businesses of all sizes. As the threat landscape evolves, the government is taking notice. Labour has announced plans to introduce a Cyber Security and Resilience Bill as part of their legislative agenda.
New cyber security bill
The proposed legislation aims to bolster the UK's cyber security framework by expanding and updating the 2018 Network and Information Systems regulations. It's expected to broaden protections for a wider range of digital services and supply chains, while also enhancing safeguards for critical infrastructure and public services. The bill also seeks to increase regulatory powers.
This development is timely and necessary, given the growing cyber security threats facing businesses. Recent high-profile cyber attacks have underscored the urgency of strengthening digital defences across various sectors. By addressing these evolving risks, the bill represents a proactive step towards creating a more resilient digital ecosystem for UK businesses and public services.
Impact of cyber attacks on businesses
At the business level, recent high-profile attacks serve as stark reminders of the potential consequences of inadequate cyber security measures. Recent reports include two household names that suffered the effects of cyber attacks, as well as a regulatory reprimand for a local authority:
- Carpetright, the flooring retailer, was reportedly stopped from trading by a cyber attack that infiltrated its systems with malware, disrupting both online and in-store operations for nearly a week and leaving customers unable to place orders. Carpetright has since announced store closures resulting from the sales slump that followed the cyber attack, although it had been struggling with slowing consumer demand for some time.
- CVS Group, a large veterinary group, was reportedly targeted by a cyber attack, causing significant disruption to its business operations, and potentially exposing personal information to unauthorised access.
- The Information Commissioner’s Office (ICO) reprimanded the London Borough of Hackney for a 2020 cyber attack that compromised the sensitive data of 280,000 individuals, citing inadequate security measures and emphasising the need for improved data protection practices in local authorities.
Despite the rising threat, many businesses fail to implement basic cyber security measures. According to the ICO’s most recent Data Security Incidents Dashboard, cyber incidents accounted for 27% of all reported incidents in Q1 2024. While some attacks are growing in sophistication, many of those targeted have overlooked fundamental practices, leaving themselves vulnerable.
Stephen Bonner, ICO Deputy Commissioner, stresses:
‘Many organisations neglect foundational cyber security. There's no excuse for not having basic controls in place. We will act, including fines, against those failing to secure their systems.’
But prioritising cyber security isn't just about avoiding fines. It builds customer and supplier trust, enhancing business reputation, which in turn can benefit profitability. This presents an important opportunity for businesses to turn a threat into a positive outcome.
The ICO's report identifies common security mistakes and offers guidance on improving protections. Additionally, we’ve created an introductory guide for those looking to understand how to prevent breaches of cyber security in their business.
However, the difficulty often lies in applying guidance in the real world. For practical and commercial advice tailored to your circumstances, get in touch with our experienced data protection specialists.