Data centres, Managed Service Providers (MSPs) and critical infrastructure such as hospitals and energy suppliers will be required to strengthen their cyber security under new government plans.
The government’s Cyber Security and Resilience Bill, first announced in the King’s Speech last year sets out new robust cyber security requirements that more organisations and IT suppliers will need to meet as part of efforts to shore up defences against cyber attacks. Approximately 1,000 service providers will fall into scope of measures expected to be introduced later this year.
Cyber threats cost the UK economy almost £22 billion a year between 2015 and 2019 and cause significant disruption to the British public and businesses, while a hypothetical cyber attack on energy services affecting just the South East of England could cost over £49 billion in lost output. The most recent Cyber Security Breaches Survey also highlights 50% of British businesses suffering a cyber breach or attack in the last 12 months, with more than 7 million incidents being reported in 2024.
Alongside strengthening cyber security requirements for MSPs, new protections for the UK’s more than 200 data centres are also being considered as a result of their increasing importance in AI, as well as day-to-day activities such as banking and online shopping.
The Bill will also give regulators more tools to improve cyber security and resilience in the areas they regulate, as well as increase requirements for businesses to report incidents.
Secretary of State for Science, Innovation, and Technology, Peter Kyle, said:
“Attempts to disrupt our way of life and attack our digital economy are only gathering pace, and we will not stand by as these incidents hold our future prosperity hostage.
“The Cyber Security and Resilience Bill, will help make the UK’s digital economy one of the most secure in the world – giving us the power to protect our services, our supply chains, and our citizens – the first and most important job of any government.“
Richard Horne, CEO of the National Cyber Security Centre (NCSC) which managed 89 nationally significant incidents in the 12 months to September 2024, said:
“The Cyber Security and Resilience Bill is a landmark moment that will ensure we can improve the cyber defences of the critical services on which we rely every day, such as water, power and healthcare.
“It is a pivotal step toward stronger, more dynamic regulation, one that not only keeps up with emerging threats but also makes it as challenging as possible for our adversaries.
“By bolstering their cyber defences and engaging with the NCSC’s guidance and tools, such as Cyber Assessment Framework, Cyber Essentials, and Avctive Cyber Defence, organisations of all sizes will be better prepared to meet the increasingly sophisticated challenges.“
New cyber laws to boost security requirements for data centres and MSPs 
UK businesses facing higher costs for cloud services due to lack of competition 
AI chatbot to be trialled to help businesses find information on government website