The UK government crackdown on MSPs with poor security has come “many years too late”.
For those not in the know, managed service providers (MSPs) could be fined up to £17 million under new proposals published a few weeks ago if they are found to have failed to put in place effective security measures.
The move is intended to counter a surge in supply chain attacks, which are expected to rise sharply compared with 2020.
The UK government is to expand its Network and Information Systems (NIS) regulation – which covers companies that provide essential services such as water, energy, transport, healthcare and digital infrastructure – to include managed service providers.
This means that MSPs will now fall under the NIS regulation and will have to comply with its cybersecurity standards or else risk being handed a fine.
Most industry commentators have welcomed the news but said that the introduction of a financial penalty has come “many years too late”. Some MSPs had written into their terms and conditions that security was not their responsibility, even though they were selling security services to those same clients.
Others quoted in the media see it as necessary but feel their industry is already over-regulated. Another concern raised is that GDPR is already being used as the basis for stiff fines for poor security practice.