Managed Service Providers to Face New Cyber Security Laws

Managed Service Providers (MSPs) in the UK will face new cyber security laws as the UK government updates its Network and Information Systems (NIS) regulations following Brexit.

MSPs provide many IT services to businesses, including security monitoring and digital billing, which means that they often have greater access to customers’ IT networks.

As a result, cyber criminals view these providers as lucrative targets to exploit and steal confidential data.

Under the new changes, MSPs will be brought under the same regulations that govern essential services such as gas, water, and energy, meaning that they will have to improve internal cyber incident reporting systems and report to regulatory bodies such as Ofcom, Ofgem, and the ICO.

The regulation is set to include a grace period for service providers to adjust and conform to the new rules. It will also remain open, indicating that other industries may be brought under this legislation in the future.

The laws include a “cost recovery system” that is more transparent and factors in company size and the burden a fine would put on the business.

Remember, you can always check that your IT/MSP team is following the Small Business Guide on your behalf. To view the Small Business Guide, visit: https://www.nebrcentre.co.uk/wp-content/uploads/2022/04/NCSC_A5-Response-and-Recovery-Guide_v3_OCT20-1.pdf

For further updates on cyber security and the digital landscape, sign up for our free core membership.

The NEBRC is a non-profit organisation that seeks to educate, inform, and support businesses across the UK on how to stay safe online through strong cyber security practices.