More than a third of national critical infrastructure organisations have not met basic cybersecurity standards issued by the UK government, according to Freedom of Information requests by Corero Network Security.
The FoIs were sent in March 2017 to 338 organisations, including fire and rescue services, police forces, ambulance trusts, NHS trusts, energy suppliers and transport organisations. In total, 163 responses were received, with 63 organisations (39 per cent) admitting to not having completed the “10 Steps” programme. Among responses from NHS trusts, only 58 per cent had completed the scheme.
In the event of a breach, critical infrastructure organisations could be liable for fines of up to £17m, or 4 per cent of global turnover, under the government’s proposals to implement the EU’s Network and Information Systems (NIS) directive from May 2018.