Published: November 12, 2025 at 7:52 am
Hospitals, energy and water supplies and transport networks could be better protected from the threat of cyber-attacks under new laws being introduced in Parliament today.
The Cyber Security and Resilience Bill will regulate medium and large companies providing services like IT management, IT help desk support and cybersecurity to private and public sector organisations such as the NHS.
“Because they hold trusted access across government, critical national infrastructure and business networks, they will need to meet clear security duties. This includes reporting significant or potentially significant cyber incidents promptly to government and their customers as well as having robust plans in place to deal with the consequences,” said the government.
Regulators will also be given new powers to designate critical suppliers to the UK’s essential services, such as those providing healthcare diagnostics to the NHS or chemicals to a water firm. Designated suppliers would have to meet minimum security requirements, closing gaps in supply chains that criminals could exploit and that could cause wider disruption.
Tougher turnover-based penalties for serious breaches will also be introduced, while the Technology Secretary gets new powers to instruct regulators and the organisations they oversee to take specific, proportionate steps to prevent cyber-attacks where there is a threat to UK national security.