The UK government has set out its new cyber law aimed at safeguarding the UK economy and securing long-term growth.
The Department of Science, Innovation and Technology (DSIT) has published details of the scope of the Cyber Security and Resilience Bill, which was initially announced in the King's Speech 2024.
In a statement, DSIT said that the new law form part of government’s drive to secure Britain’s future through the Plan for Change, delivering security and renewal by strengthening its critical infrastructure. It added that the legislation will give the British public, businesses and investors greater confidence in digital services – supporting government’s aim to kickstart economic growth.
Cyber threats cost the UK economy almost £22 billion a year between 2015 and 2019, and cause significant disruption to the British public and businesses. Last summer’s attack on Synnovis – a provider of pathology services to the NHS – cost an estimated £32.7 million and results in thousands of missed patient appointments. Figures also show a hypothetical cyber-attack focused on key energy services in the South East of England could wipe more than £49 billion from the wider UK economy.
Secretary of State for Science, Innovation, and Technology, Peter Kyle, said, “Economic growth is the cornerstone of our Plan for Change, and ensuring the security of the vital services which will deliver that growth is non-negotiable.
“Attempts to disrupt our way of life and attack our digital economy are only gathering pace, and we will not stand by as these incidents hold our future prosperity hostage.
“The Cyber Security and Resilience Bill, will help make the UK’s digital economy one of the most secure in the world - giving us the power to protect our services, our supply chains, and our citizens – the first and most important job of any government.”
Wes Streeting, the health and social care secretary, said, “Cyber attacks are becoming increasingly sophisticated and create real risks for our health service if we do not act now to put the right protections in place.
“We are building an NHS that is fit for the future. This bill will boost the NHS’s resilience against cyber threats, secure sensitive patient data and make sure life-saving appointments are not missed as we deliver our Plan for Change.”
The government is also looking additional measures to make sure that it can respond effectively to new cyber threats and take quick action where needed to protect the UK’s national security. This includes giving the Technology Secretary powers to direct regulated organisations to shore up their cyber defences – putting the UK in the strongest possible position to defend against new and existing threats.
Another potential avenue may include new protections for more than 200 data centres – bolstering the defences of one of the main drivers of economic growth and innovation, including through AI. Data centres process huge amounts of data which they need to churn out new products. The government will now consider the best route to deliver these additional measures.
In the year to September 2024, the National Cyber Security Centre (NCSC) managed 430 cyber incidents, with 89 of these being classed as nationally significant – a rate of almost two every week. The most recent iteration of the Cyber Security Breaches Survey also highlights that 50 per cent of British businesses suffering a cyber breach or attack in the last 12 months, with more than 7 million incidents being reported in 2024.
To face down this threat, the Cyber Security and Resilience Bill will ensure the vital infrastructure and digital services the country relies on is secure.
Richard Horne, CEO, NCSC, said, “The Cyber Security and Resilience Bill is a landmark moment that will ensure we can improve the cyber defences of the critical services on which we rely every day, such as water, power and healthcare.
“It is a pivotal step toward stronger, more dynamic regulation, one that not only keeps up with emerging threats but also makes it as challenging as possible for our adversaries.
“By bolstering their cyber defences and engaging with the NCSC’s guidance and tools, such as Cyber Assessment Framework, Cyber Essentials, and Active Cyber Defence, organisations of all sizes will be better prepared to meet the increasingly sophisticated challenges.”
While the legislation will provide the UK with the cyber defences it needs now, it also includes measures to ensure a swift response to new threats which emerge in the future. To do this, the Technology Secretary will be given powers to update the regulatory framework to keep pace with the ever-changing cyber landscape.
The Cyber Security and Resilience Bill will be introduced to Parliament this year.