Published on: April 3, 2025
The UK government is introducing a new law to protect hospitals, energy companies, and other important services from cyber-attacks. The Cyber Security and Resilience Bill will require 1,000 IT companies that help run public services to improve their security.
This is part of the government’s Plan for Change, which aims to keep essential services safe and help the economy grow.
“Ensuring the security of the vital services which will deliver that growth is non-negotiable,” Technology Secretary Peter Kyle said.
Cyber-attacks have cost the UK billions of pounds. Last year, a cyber-attack on Synnovis, a company that helps the NHS, cost £32.7 million and caused thousands of missed patient appointments. Experts warn that if hackers attack energy services in South East England, it could cost £49 billion in damage.
Health Secretary Wes Streeting said the law will help protect the NHS.
“This bill will boost the NHS’s resilience against cyber threats, secure sensitive patient data, and make sure life-saving appointments are not missed,” Streeting said.
The law will also give the Technology Secretary more power to order companies to improve security and respond quickly to new threats. The government may also add extra protection for over 200 data centres, which store important digital information for businesses and people.
The National Cyber Security Centre (NCSC) reported 430 cyber-attacks in the past year, with 89 being very serious. NCSC CEO Richard Horne called the bill “a landmark moment that will ensure we can improve the cyber defences of the critical services on which we rely every day.”
The bill will be presented to Parliament this year as part of the UK’s plan to fight cybercrime and protect the country’s digital future.