UK (Parliament Politics Magazine) – Technology Secretary Liz Kendall says the new Cyber Security and Resilience Bill protects NHS, transport, energy, and essential services from attacks
As reported by The Independent, the UK plans new legislation to impose strict cybersecurity rules on companies supporting the NHS, transport, and energy infrastructure.
Ministers will unveil the Cyber Security and Resilience Bill on Wednesday to enhance national security and protect critical sectors.
The legislation seeks to maintain essential services, from utilities to transport, amid rising cyber threats targeting UK infrastructure.
What did Liz Kendall say about the new cyber security law?
Technology Secretary Liz Kendall will gain new powers to compel regulators and organisations to take tougher measures against cyber threats.
She said,
“Cyber security is national security. This legislation will enable us to confront those who would disrupt our way of life. I’m sending them a clear message: the UK is no easy target.”
Ms Kendall stated,
“We all know the disruption daily cyber-attacks cause. Our new laws will make the UK more secure against those threats. It will mean fewer cancelled NHS appointments, less disruption to local services and businesses, and a faster national response when threats emerge.”
What did Dr Richard Horne say about the new cyber security laws?
The government’s new cyber bill has received support from National Cyber Security Centre CEO Dr Richard Horne.
He said,
“The Cyber Security and Resilience Bill represents a significant step towards ensuring the nation’s most critical services are better protected and prepared in the face of an increasingly complex threat landscape.”
Mr Horne stated,
“The real-world impacts of cyber attacks have never been more evident than in recent months and so we welcome the move to strengthen legislation and regulatory powers to help drive up the level of defence and resilience across critical national infrastructure.”
He added,
“Cyber security is a shared responsibility and foundation for prosperity, and so we urge all organisations, no matter how big or small, to follow the advice and guidance available at ncsc.gov.uk and to act on it with the urgency that the risk requires.”
What did Phil Huggins say about the new cyber bill?
National Chief Information Security Officer for Health & Care at NHS England, Phil Huggins, stated,
“The Bill represents a huge opportunity to strengthen cyber security and resilience to protect the safety of the people we care for.”
He said,
“The reforms will make fundamental updates to our approach to addressing the greatest risks and harms, such as new powers to designate critical suppliers.”
Mr Huggins continued,
“Working with the healthcare sector, we can drive a step change in cyber maturity and help keep services available, protect data, and maintain trust in our systems in the face of an evolving threat landscape.”
How are businesses and critical sectors reacting to the new cyber law?
Simon Sheeran, Head of Cyber Security Oversight at the UK Civil Aviation Authority, stated,
“The aviation sector contributes billions of pounds to the UK economy and provides critical national infrastructure. This Bill will help improve cyber defences essential for maintaining the already very high safety standards in aviation.”
He added,
“The Civil Aviation Authority protect people and enable aerospace within a global eco-system, and the need for aviation to defend as one is a national imperative.”
Sarah Walker, CEO of Cisco UK and Ireland, said,
“We welcome the government taking action to overhaul the UK’s cyber framework with the Cyber Security and Resilience Bill. This is a significant step in securing the UK against ever-increasing cyber threats. Our latest research shows the scale of the challenge ahead; only 8% of UK organisations are classed as ‘Mature’ in their cybersecurity readiness.”
She continued,
“As AI reshapes both attack and defence, we need regulation that keeps pace with this changing threat landscape. We are looking forward to collaborating with the UK government and working with our international partners to continue securing the UK’s digital economy.”
Jamie MacColl, Senior Research Fellow, Cyber and Tech, Royal United Services Institute, stated,
“The events of 2025 have proven beyond doubt that improving national cyber security and resilience is essential for the UK’s economic security. The arrival of new legislation to better protect our most critical national infrastructure is an important step in improving cyber resilience in the UK.
However, it is also important that organisations outside of the scope of the Bill up their game on cyber security and resilience. We urgently need to build collective resilience to inspire confidence in the face of threats from hostile states and criminals.”
How could new laws protect critical UK infrastructure from cyber attacks?
According to the National Cyber Security Centre, attacks from China and Russia posed a “significant threat,” reaching a record level of serious online incidents.
The Office for Budget Responsibility warned a major cyber-attack on essential national infrastructure could push borrowing over £30 billion, or 1.1% of GDP.
New studies released on Wednesday reveal UK cyber-attacks now average £190,000, totalling £14.7bn annually, or 0.5% of GDP.
The new legislation will regulate IT operations, help desk support, and cybersecurity firms serving both public and private sectors.
Companies managing critical networks must follow strict security rules and report major cyber incidents to the government and clients.
Regulators can label key providers of essential UK services, like NHS diagnostics or water chemicals, as critical suppliers. They must meet minimum security standards to block supply chain gaps, with new powers granted to regulators.
The new bill will impose heavy fines to stop companies from cutting corners on public services.
Which major UK businesses are affected by cyber attacks?
- Marks & Spencer (M&S): Hit by ransomware, disrupting online orders and payments; estimated £300m losses.
- The Co-operative Group: Large-scale cyber breach hit millions of members; estimated £206m losses.
- Jaguar Land Rover (JLR): Cyber incident disrupted production and supply chains; £120m direct losses, £1.7bn in lost revenue.
- Harrods and Adidas also faced attacks, but with smaller reported financial impacts compared to the above.
What are the five major cyber attacks?
The five major cyber attacks everyone needs to be aware of in 2025 are:
- Ransomware attacks
- Distributed Denial of Service (DDoS) attacks
- Phishing and Spear Phishing
- Man-in-the-Middle (MitM) attacks
Supply Chain attacks