Nine Cyber Attacks On UK’s Transport Sector Missed

By   ISBuzz Team
Writer , Information Security Buzz | Sep 01, 2021 04:03 am PST


It has been reported that nine cyber-attacks affecting the British transport sector were missed by the UK’s mandatory reporting laws and were only disclosed to the government on a voluntary basis, Sky News has learned. A law introduced three years ago was intended to boost Britain’s ability to defend itself from the foreign states and criminal hackers by obliging critical infrastructure organisations to report incidents.

Notify of
1 Expert Comment
Oldest Most Voted
Inline Feedbacks
View all comments
Andy Norton
Andy Norton , European Cyber Risk Officer
September 1, 2021 12:05 pm

<p>The inherent loophole in mandatory breach disclosure is the subjective measure of what constitutes a “substantial breach” upon which you must notify. The added complication is the requirement to notify within 72 hours of the breach being discovered when you may not have an understanding of the extent of the breach in this timeframe or when the full substance of the breach may not be understood. The subjective measure of substantiality may also be an incentive not to divulge the extent of the breach to avoid paying fines that form part of the NIS legislation. NIS2, an update to the current NIS legislation, introduces penalties for non compliance with best practises, and so it will incentivise organisations to adopt defensive in-depth practises or face similar fines, taking the emphasis away from divulging breaches and pushing towards cyber resilience.</p>

Last edited 2 years ago by Andy Norton

Recent Posts

Would love your thoughts, please comment.x