Tuesday, 23rd October 2018

70% of UK critical infrastructure organisations could be liable for fines under the NIS Directive

If maximum fines were imposed, it could cost the UK economy more than ?2.5 billion.

More than two thirds of UK critical infrastructure organisations (70%) have suffered from service outages on their IT networks in the past two years, leaving them potentially vulnerable to receiving fines under the new NIS Regulations which come into force next week, according to data revealed under the Freedom of Information Act by Corero Network Security.

After 9th May 2018, when the EU’s Network and Information Systems (NIS) Directive is implemented into UK law, such outages would have to be reported to regulators, who have the power to impose financial penalties of up to ?17 million where infrastructure operators have failed to protect themselves against loss of service. Had the service outages occurred after this date, and all the affected organisations were deemed to have failed to protect themselves, the total fines for all affected organisations would cost the UK economy more than ?2.5 billion.

The Freedom of Information requests were sent by Corero, in January and February 2018, to 312 critical infrastructure organisations in the UK, including fire and rescue services, police forces, ambulance trusts, NHS trusts, energy suppliers, transport organisations and water authorities. In total, 221 responses were received, with 155 admitting to having suffered a service outage on their networks in the past two years. In addition, over a third (35%) of the service outages reported in the study were believed to have been caused by a cyber attack.

Andrew Lloyd, President at Corero Network Security, comments: “Service outages and cyber attacks against national infrastructure have the potential to inflict significant, real-life disruption by preventing access to essential services such as power, transport and the emergency services. The fact that so many infrastructure organisations have suffered from service outages points to an alarming lack of resilience within organisations that are critical to the functioning of UK society.

“Across all sectors, we are seeing a greater number of sophisticated and, when undefended, damaging cyber-attacks. Government Ministers and Agencies have reported that these attacks are increasingly believed to be the work of foreign governments seeking to cause political upheaval. The head of the National Cyber Security Centre has already warned that it is a matter of when, not if, the UK experiences a devastating cyber attack on its critical infrastructure. The study poses serious questions about the UK’s current capability to withstand such an attack.”

The world’s elite group of data center professionals has been confirmed at the very first graduation...
Siemon has partnered with data centre infrastructure management (DCIM) solution provider Maya HTT, w...
Enterprises need a secure, fast and easy way to connect their locations and data centers to cloud se...
Six new tanks set for data centre business continuity across London.
Five-year renewal to drive further IT consolidation and standardization across Anglo American.
Fujitsu technology enables the use of multiple wavelength bands to support expanded transmission cap...
University of Stirling completes consolidation challenge.
Despite progress with efficiency gains, the rate of outages remains high as operators struggle wit...