Organisations that fail to implement “effective” cybersecurity measures could be fined as much as £17 million or 4% of global turnover.
The warning from the UK Government comes as it aims to ensure essential services like energy, water, transport, health and digital infrastructure firms are prepared to deal with the increasing number of cyber threats.
Companies would also be required to develop strategies covering power failures and environmental disasters, to raise staff awareness through training, and to put security monitoring in place so that they can recover quickly after any incident.
Fines would, however, be a last resort and would not apply to firms that have assessed their risks adequately, taken appropriate security measures and engaged with the competent authorities.
The plans, part of the government’s £1.9 billion investment to “significantly transform” the UK’s cyber security, are being put forward in a consultation launched by the Department for Digital, Culture, Media and Sport.
The department believes firms that take cyber security seriously should already have measures in place to protect themselves against cyber attacks.
Digital Minister Matt Hancock said: “Network and information systems and the essential services they support play a vital role in society, from ensuring the supply of electricity, water and health services to the provision of passenger and freight transport. Their reliability and security are essential to economic and societal activity and the functioning of UK and European markets.
“We want the UK to be the safest place in the world to live and be online, with our essential services and infrastructure prepared for the increasing risk of cyber-attack and more resilient against other threats such as power failures and environmental hazards.”
The consultation closes on 30 September 2017.