UK Government launches new cybersecurity bill

The UK Government has introduced a bill designed to increase the UK’s cybersecurity capabilities in the face of rising cyber incidents. 

The bill, which is targeted to support critical national infrastructure like hospitals, water suppliers and transport networks, is intended to strengthen national security and protect growth by boosting cyber protections for the services that people and businesses rely on every day. 

Technology Secretary Liz Kendall said: “Cybersecurity is national security. This legislation will enable us to confront those who would disrupt our way of life. I’m sending them a clear message: the UK is no easy target.” 

The bill will give regulatory powers to the government over medium and large companies providing services like IT management, IT help desk support and cyber security to private and public sector organisations like the NHS. This is intended to increase cybersecurity for organisations that hold sensitive information about government and essential services. 

Regulators will also be given new powers to designate critical suppliers that meet minimum security requirements to the UK’s essential services, such as those providing chemicals to a water firm and electricity to charging grids. This will close gaps in cybersecurity systems that can be exploited by criminals and foreign actors.  

Organisations that are classed as an important part of the national infrastructure will also need to report more harmful cyber incidents to their regulator and the National Cyber Security Centre (NCSC) within 24 hours, with a full report within 72 hours, to ensure support can be on hand more quickly to help build a stronger national picture of cyber threats. 

“The real-world impacts of cyber-attacks have never been more evident than in recent months, and at the NCSC we continue to work round the clock to empower organisations in the face of rising threats,” said Dr Richard Horne, chief executive at the NCSC. “As a nation, we must act at pace to improve our digital defences and resilience, and the Cyber Security and Resilience Bill represents a crucial step in better protecting our most critical services.” 

The areas which are covered by this new bill are ones that could pose huge negative implications for the British economy and public services if targeted. The Office for Budget Responsibility (OBR) estimates that a cyber-attack on critical national infrastructure could temporarily increase borrowing by over £30bn – equivalent to 1.1 per cent of GDP.  

New research published today shows the average cost of a significant cyber-attack in the UK is now over £190,000. This amounts to around £14.7bn a year across the economy – equivalent to 0.5 per cent of the UK’s GDP.  

The bill follows on from a letter sent by the UK government warning that the amount of “highly significant” cyber-attacks on businesses in the UK rose by almost 50 per cent since 2024, according to a review by the NCSC.