UK to compel firms to shore up cybersecurity after attacks

According to a statement from the Department for Science, Innovation, and Technology, the new law will apply to around 1,000 companies. These are firms that provide IT services to critical national infrastructure. The law is expected to be passed by the end of the year.

“Attempts to disrupt our way of life and attack our digital economy are only gathering pace, and we will not stand by as these incidents hold our future prosperity hostage,” Technology Secretary Peter Kyle said in the statement.

The Cybersecurity and Resilience Bill is being treated as a priority by Prime Minister Keir Starmer’s administration following a series of cyberattacks. Notably, the bill follows last summer’s attack on Synnovis, a pathology services provider for the National Health Service, which resulted in thousands of delayed medical appointments.

Bloomberg reports that this attack paralyzed hospitals and clinics in London, impacting dozens of patients. In at least two cases, it caused long-term or permanent damage to their health.

Additionally, last year, the UK accused China of hacking the Electoral Commission and the Ministry of Defence’s payroll system. However, Beijing denied both allegations.

The Department for Science, Innovation, and Technology added that ministers are considering additional measures that would allow Peter Kyle to order specific companies to implement stronger defenses against hacks and supply chain threats. New security measures for data centers will also be proposed.

According to government data, cyberattacks cost the UK economy approximately $28 billion annually, with 50% of British businesses experiencing breaches or attacks in the past year.

In February 2025, the UK, the United States, and Australia imposed sanctions on the Russian company Zservers. The British government and the US Treasury reported that the company had supported the hacker group LockBit in carrying out ransomware attacks.