The UK is planning on updating its Network Information Systems (NIS) legislation to bring MSPs into scope, and they will become "Critical Service Providers" as far as the rules are concerned.
This means that MSPs who fail to put in place effective cyber security measures could face fines of up to £17m (approx. USD $20m).
This could be huge news, but it is a reaction to the increasing role MSPs have to play in supporting critical infrastructure in the UK and to the fact that they are becoming more of a target for cyber criminals to use in supply chain attacks. This is where the malware can be deployed using the MSP's tools.
What do you think this will mean for MSPs in the UK? Is this the beginning of a movement to stronger regulation for MSPs worldwide? Are you concerned about the potential fines for your MSP?
Let me know below.
More information here and straight from the government here