UK May Punish Companies For Getting Hacked

[Shutterstock - Georgejmclittle - 319423463]

Daily Caller News Foundation logo
Eric Lieberman Managing Editor
Font Size:

The U.K. is reportedly working on legislation that would allow government officials to fine particular companies substantial amounts of money if the organizations are hacked and they later determine the companies didn’t do enough to stop it.

The financial penalties could be as high as 17 million euros (nearly $20 million USD), or 4 percent of their total revenues, according to tech news outlet ZDNet.

The Department for Digital, Culture, Media and Sport says the monetary penalties would be a last resort. It would only apply to companies in industries like transportation, electricity, water, energy, and health care. Also, the government will allegedly not levy a fine if it determines that the organizations had an appropriate cybersecurity system already implemented before the breach.

“We want the UK to be the safest place in the world to live and be online, with our essential services and infrastructure prepared for the increasing risk of cyber attack and more resilient against other threats such as power failures and environmental hazards,” U.K. Digital Minister Matt Hancock said, according to ZDNet.

How it will determine what sufficient cybersecurity protocol is, as in what exact metrics it will use, is not yet clear.

The pending plan would align the U.K.’s regulatory framework with the European Union’s, specifically its Network and Information Systems (NIS) Directive.

“The NIS Directive is an important part of this work and I encourage all public and private organizations in those sectors to take part in this consultation so together we can achieve this aim,” Hancock said.

Although the U.K. voted to leave the EU in a referendum last year, it will likely have to abide by NIS, potentially even after the projected date for the official exit in 2019.

The country is also trying to ensure that is is complying with another EU law. (RELATED: UK Using Terror Attack To Pry Its Way Into Citizens’ Cell Phones)

Known as the “right to be forgotten,” Hancock proposed new measures Monday that would force social media companies like Facebook to delete personal information upon request, among other mandates. The statutes would be parallel to ones the EU is expected to implement by May 2018.

Follow Eric on Twitter

Send tips to

Content created by The Daily Caller News Foundation is available without charge to any eligible news publisher that can provide a large audience. For licensing opportunities of our original content, please contact