Early in 2017, the WannaCry attack crippled many global companies, and although we were unaffected directly, the UK’s National Crime Agency (NCA) continue to warn about the growing threat of cyber-attack and data loss. The threat of disruption to our customers and our business is continually evolving and it’s why our Board has identified cyber risk as one of our top corporate risks.
We also know from talking to customers and stakeholders that safety and reliability are among their top priorities and so the integrity of our digital infrastructure is critical. Our stakeholders are also asking us to use technology to increase service automation and improve communication – giving a better service to our customers. Any new channels or applications that we create must always have robust risk mitigation and cyber security protection.
Award winning solutions
Our IT team has many major initiatives underway to help protect us from cyber-attack and to preserve our customer and employee data as well as our company assets. We are among the leading utilities in this area, looking after our customers and colleagues by setting the standard for cyber security leadership within the industry.
We do this by creating partnerships with suppliers, the National Cyber Security Centre (NCSC) and the Department for Business, Energy and Industrial Strategy (BEIS). We’re on track to become the first owner of Critical National Infrastructure (CNI) to migrate 100% to the cloud . We were one of the first utilities to achieve Cyber Essentials accreditation – a government security scheme recommended to all UK industry to help protect against common cyber-attacks.
We carry out test exercises to make sure the measures we put in place are robust enough to ensure the safety of our data and systems. Rules, advice and guidance have been created to help protect both employees and the Company.
First line of defence
Our colleagues are the first line of defence against cyber-attack. Safe behaviours, like not clicking suspicious links in emails and only using trusted websites is an essential part of managing the risk of cyber-attack. By promoting and adopting a common approach, ‘is it secure?’ we are working to embed a culture of awareness to reduce our vulnerability, combat potential losses and demonstrate we are serious about our IT security. Our online security knowledge zone keeps our people informed about cyber risk, how it can impact our company, and how to protect their families outside work.
We were delighted that our ambitious cyber strategy was recognised when we won the Cyber Security Project of the Year at the UK IT Industry Awards. Notwithstanding this success, continued capability improvements will be required for us to continue to successfully manage this growing threat. Our IT security team is embedding a risk-management culture and a common-sense approach to dealing with the evolving threats we face so we can continue to keep our customers safe and warm.
We’re asking customers and stakeholders for guidance on how much we should be investing in enhanced security systems to prevent cyber-attacks which could negatively impact our network. And how much we should be investing to improve the physical security around all our sites, to make them more resilient against physical security threats designed to harm or put customers at risk.