The UK Government has announced that critical national infrastructure companies will face fines of up to £17m if they fail to protect themselves from cyber-attacks, effective May 2018. Critical national infrastructure companies include energy, transport, health and water companies. They are being told that they should have in place “the most robust safeguards”. The National Cyber Security Centre has published guidance about what these should be.
A Government Minister commented: “We want our essential services and infrastructure to be primed and ready to tackle cyber-attacks and be resilient against major disruption to services.”
Many of these companies are in poor shape when it comes to cyber security. WannaCry had a severe impact on the UK’s National Health Service in May 2017. A report by Ernst and Young last month demonstrated that utilities are ill-equipped to face the increasingly disparate cybersecurity threat. Key findings were:
- 100% of survey respondents say their cybersecurity function is not fit for purpose
- Utilities struggle to monitor their digital ecosystem more than all other sectors
- 85% of respondents say they don’t have a robust incident response program
i2O takes its responsibilities as a supplier to companies that manage critical national infrastructure very seriously. It is ISO 270001 accredited. ISO 270001 is the global gold standard for information security.