
The UK government has revealed detailed plans for its forthcoming Cyber Security and Resilience Bill. The new legislation is intended to strengthen cybersecurity across essential public services and critical sectors. Approximately 1,000 service providers will be included in this legislative framework, which aims to protect organisations providing essential IT services from cyber threats. The initiative forms part of the government’s Plan for Change, which seeks to bolster economic growth by improving digital security measures.
“Economic growth is the cornerstone of our Plan for Change, and ensuring the security of the vital services which will deliver that growth is non-negotiable,” said Technology Secretary Peter Kyle. “Attempts to disrupt our way of life and attack our digital economy are only gathering pace, and we will not stand by as these incidents hold our future prosperity hostage. The Cyber Security and Resilience Bill will help make the UK’s digital economy one of the most secure in the world – giving us the power to protect our services, our supply chains, and our citizens – the first and most important job of any government.”
Economic impact of cyber threats
Cyber threats have had a significant impact on the UK economy, causing nearly £22bn in losses between 2015 and 2019. Notable instances include an attack on Synnovis, a pathology service provider for the NHS, which resulted in financial damages and numerous missed patient appointments. Furthermore, a simulated cyber-attack on key energy services in South East England indicated potential economic losses exceeding £49bn.
To address evolving cyber threats effectively, the government is considering additional measures, including empowering the Technology Secretary to direct organisations to enhance their cybersecurity frameworks. The government is also considering introducing new protective measures for over 200 data centres, which play a crucial role in data-driven industries such as AI.
In the year leading up to September 2024, the National Cyber Security Centre (NCSC) handled 430 cyber incidents, of which nearly 90 were classified as nationally significant. According to the Cyber Security Breaches Survey, 50% of UK businesses experienced some form of cyber breach or attack within the last 12 months, accounting for over seven million reported incidents in 2024.
The proposed Cyber Security and Resilience Bill aims to bolster vital infrastructure and digital services while allowing adaptability to respond to new challenges. It will grant the Technology Secretary the authority to update regulatory frameworks in response to advancements in the cyber threat landscape.
This announcement follows last year’s King’s Speech and aligns with previous government actions aimed at enhancing UK cybersecurity. Recent initiatives include establishing a global standard for AI cybersecurity, forming an international coalition to enhance cyber skills, and launching the Cyber Local programme to support growth in the £13.2bn cybersecurity sector.
If the Bill is enacted into law, organisations and suppliers will be required to meet rigorous cybersecurity standards covering areas such as data protection and risk assessment. Regulatory authorities will gain new tools for incident reporting and analysis of cybersecurity vulnerabilities. The government will also gain flexibility to update regulatory frameworks as necessary, addressing technological advancements and emerging threats by potentially extending protections to new sectors or revising current security requirements.