UK organisations could face huge fines for cyber security failures

Government proposes penalties as 'last resort' for those failing to adequately assess risks and prevent damage

British organisations could face fines of up to 17m, or 4% of global turnover, if they fail to take measures to prevent cyber-attacks that could result in major disruption to services such as transport, health or electricity networks.

But the proposals, which are being considered as part of a government consultation launched on Tuesday, say that financial penalties will be used as a "last resort" and not applied if organisations facing an attack can prove they assessed the risks adequately.