The UK’s joint committee on the National Security Structure has published a damning report on Britain’s critical national infrastructure (CNI), saying that cyber threats range across a number of sectors including energy, health services, transport and water.

The report states that the UK government is not acting with the “urgency and forcefulness that the situation demands,” and that the critical national infrastructure is a “natural target for a major cyber attack” due to its importance to the economy and everyday life.

“Too often in our past, the UK has been ill-prepared to deal with emerging risks,” said a statement from Chair of the Committee, MP Margaret Beckett, drawing attention to some of the more severe cyber attacks that have hit the UK over recent years, such as the WannaCry ransomware strike in 2017.

High risk for businesses

Such findings were also highlighted on the EU level in the World Economic Forum’s Regional Risks to Doing Business report published last week.

The study asked more than 12,500 executives around the world to select the global risks that pose the most significant concern for doing business within the next 10 years.

For Europe, cyber attacks were deemed the most pressing threat.

Complying with EU legislation

Monday’s report also drew attention to the importance of the UK continuing to comply with EU legislation in the field of cyber security after Brexit.

The legislation obliges member states to create Computer Security Incident Response Teams (CSIRTs), build and put into practice national cyber security strategies, report security breaches swiftly, and take part in a Cooperation Group that monitors the efficiency of the NIS Directive.

Giving evidence before the joint committee on the National Security Structure in June, MP David Lidington addressed the importance of continued collaboration between the EU and UK post-Brexit in the field of cyber security.

“There are what I would describe as doctrinal issues with the EU institutions, which we hope we can find a way to overcome,” he said.

“Otherwise, it amounts to a deliberate decision by the EU negotiators to put EU citizens at greater risk than they are at the moment.”