Up to 39% of critical infrastructure organisations in the UK, including energy firms, have not completed basic cyber security standards.
That’s according to Corero Network Security (CNS), a provider of Distributed Denial of Service (DDoS) defence solutions, which uncovered this information through 338 Freedom of Information requests.
A DDoS attack involves making a machine or network resource unavailable to its intended users and disrupting services.
The government released a ‘10 Steps to Cyber Security’ programme. CNS suggests that the lack of adherence to the steps it outlines indicates a lack of cyber resilience within groups such as emergency services, NHS trusts, energy suppliers and transport organisations.
A total of 163 organisations replied, with 63 admitting they had not completed the guidelines.
The cyber defence firm believes failing to ensure adequate cyber security could leave some firms liable for fines of up to £17 million.
Sean Newman, Director of Product Management at Corero, said: “Cyber attacks against national infrastructure have the potential to inflict significant, real life disruption and prevent access to critical services that are vital to the functioning of our economy and society.”
A spokesperson for the National Cyber Security Centre said: “Cyber security can feel like a daunting challenge, but a few easy and inexpensive steps can protect from the most basic cyber security threats.
“Following these steps could prevent incidents, save money and uphold an organisation’s reputation.”