Atkins warns water firms of obligation to maintain cyber security resilience

WS Atkins has warned that water companies could be facing heavy fines of under recently introduced European Union legislation if they fail to demonstrate they have sufficient cyber security measures in place to protect information systems.

The engineering consultancy urged companies to ensure that understanding and training were up to scratch and to check the compliance status of their supply chain.

In a recent white paper, Atkins said rules under the Network and Information Systems Directive – which applies to the critical national infrastructure that underpins our society – require organisations in services including transport, energy and healthcare as well as water to secure their information systems. Firms that fail to do so in the UK face a maximum penalty £17m.

Atkins said the cyber skills shortage in the UK, meant that organisations may need to rely on external resources and expertise to ensure that they had sufficient resilience to threats to cyber security. And it warned that they may also be required to ensure that their supply chain had sufficient cyber resilience.