For tens of thousands of people, the last weekend in May 2017 proved to be one they’d rather forget. A power failure at a British Airways data centre led to more than 650 flights being cancelled and chaos at many airports.
The incident was a timely example of the kind of disruption to essential services that the recently implemented Network and Information Systems (NIS) Regulation is intended to make less likely.
Although the Operators of Essential Services (OES) which fall under the wide-ranging regulations are still in the process of being identified by the sector-specific Competent Authorities (the regulators of the NIS), it is clear from the published thresholds that British Airways is one and that an incident such as last May’s would need to be reported given the level of disruption caused.
The British Airways incident occurred well before the NIS came into force, but it highlights the extent to which major businesses are now dependent on supply chains and how effective risk management of third parties will increasingly be a key issue for organisations.
UNDERSTANDING THE RISKS
Minimising the impact of incidents – whether from cyber-attacks, power cuts or hardware failure – is a key objective of the NIS Regulation. Understanding and managing the security risks to networks and information systems from dependencies on external suppliers is an important part of that.
Our latest paper aims to give you a better understanding of the risks involved and what you can do to mitigate them.