Future Water polls on cyber security ahead of new rules

Business support firm Future Water Association, has launched a survey looking at water sector cyber security.

Future Water’s chief executive Paul Horton said “We’re trying to get a more accurate picture of the current level of awareness in the sector and help companies prepare for the future, where European Union General Data Protection Regulation becomes mandatory and the Government implements the Network and Information Systems Directive. The need to act is now.

“It’s also vital that all companies in the sector understand their responsibilities ahead of the new regulations coming in next year. Wherever they are in the supply chain they will be required to demonstrate their cyber security preparedness when bidding for work.” Horton added.

The survey has the support of Water UK and is a partnership with publication, Water Briefing.

Data risk concerns are growing (see The week in water 62). Future Water’s poll follows the government’s publication last week of its consultation on cyber security in essential service including water. In the consultation, the Department for Digital, Culture, Media and Sport outlined proposals for a two-tier penalty for water firms and other “essential services” who fail to meet the requirements of the Network and Information Systems (NIS) Directive.

Also last week consultant Black and Vetch published its findings that the water sector may be underestimating the cyber threat.

Future Water cited the government’s recent UK Cyber Security Breaches Survey 2017, which found that only 33% of businesses have formal policies in place and only 20% of those surveyed, provide staff with cyber security training. While many companies have carried out health checks, risk assessments or audits to identify cyber security risks, less than half have a formal cyber security incident management process in place.

Future Water said its initial results from the survey will be presented formally at a cyber security workshop on 27th September.