Data centres will be required to meet new minimum cybersecurity and resilience standards, according to new plans drawn by the UK government. These will include measures to protect data storage facilities from outages arising from fires, floods, extreme weather events and targeted cyberattacks, the Department for Science and Technology said in a statement. The government will also run a consultation process with industry stakeholders to inform the formulation of these standards, to run until 24 February 2024.
“Data is an increasingly important driver of our economic growth and plays a pivotal role across our public services,” said Sir John Whittingdale, minister for data and digital infrastructure. “Ensuring companies storing it have the right protections in place to limit risks from threats such as cyberattacks and extreme weather, will help us reap the benefits and give businesses peace of mind.”
In a separate consultation document, the government explained that new measures for the data storage sector were necessary to forestall systemic risks to the wider economy that might arise from outages caused by hostile action or natural disasters. It also conceded that the regulatory regime to enforce minimum safety standards at data centre facilities remains incomplete. “The government’s assessment is that it provides insufficient security and resilience oversight of the data centre sector given its national importance,” it said. “The range of risks and their potential impacts presents a precautionary case for considered government action and intervention.”
UK data centre safety standards strengthening as usage grows
These new proposals come amid soaring usage of connected devices, e-commerce services and social media throughout the UK. This has led to a parallel increase in the reliance of SMEs and large businesses on cloud and data centre infrastructure. Some 28% of all UK businesses now rely on services housed within the former, according to government estimates, with that rising to 62% among firms employing more than 250 staff. Meanwhile, the proportion of outages that cost over $100,000 has markedly increased, according to recent data from the Uptime. Research from Gartner also finds that downtime costs an average of $5,600 per minute.
UK technology industry association techUK welcomed the government’s announcement. “We commend the UK government for recognising the vital role of the data centres sector in underpinning our digital economy,” says Julian David, CEO of techUK. “It is encouraging that DSIT intends to consult and continue to collaborate with industry to enhance resilience across this critical sector.”
The government is also considering creating a new regulatory function to enforce its proposed measures, it confirmed, as well as designating parts of the data centre industry as critical national infrastructure. In the meantime, it encouraged businesses and other interested parties to participate in the consultation process for the proposed measures, which concludes early next year.
“The government is serious about keeping data safe, which is why we are calling on these businesses to actively share their insights and expertise, whilst also making sure we have the right regulations in place,” says Whittingdale. “By making security a top priority in how we handle data, we’re not only tackling new challenges but also making the UK a global leader in promoting safe and responsible technology.”