Although the blackout was resolved the same afternoon, numerous users questioned whether compensation would be provided to those affected and what form this would take. Ofcom advises that users should only be entitled to compensation if there broadband is down for more than two days, but notes that this is ‘dependant on circumstances’, particularly if a disruption has directly resulted in a loss of productivity and profitability. As we have seen from the fallout of recent outages caused by cyberattacks, such as those suffered by Marks & Spencer and the Co-Op, organisations must carefully consider how they manage customer expectations in the aftermath of an incident, if further reputational damage is to be avoided.
While this blackout was apparently caused by an ‘act of god’ rather than a malicious act, its full impact has still to play out, and further reinforces the need for organisations - particularly Operators of Essential Services (OESs) - to ensure the security and resilience of their underlying infrastructure has been fully optimised and regularly updated in light of the latest threat intelligence and compliance obligations.
This must involve a holistic approach to security, encompassing both physical and digital systems and their increasing integration, along with measures to ensure operations can be resumed as quickly as possible in the event of an incident. In light of a growing range of highly complex, aggressive cyber threats and an increasingly stringent regulatory landscape, such measures should be regarded as compulsory for organisations at all levels, across both the public and private sectors, including all aspects of Critical National Infrastructure.
If you are in any doubt as to the security and resilience of your own systems, we would strongly advise you to arrange a consultation with our CNI technology experts. This will help you establish a clear view of potential vulnerabilities across your infrastructure that could be exploited, so they can be proactively secured.