On 1 November 2022, the UK Office of Communications (Ofcom) opened a consultation on proposed changes to the Network and Information Systems (NIS) Guidance for the Digital Infrastructure Sector until 13 January 2023. The proposed changes aim to lower the cybersecurity incident reporting thresholds for Operators of Essential Services (OES). According to Ofcom, lowering the reporting thresholds will improve the visibility of incidents impacting UK users and help providers to identify significant cyber security and resilience gaps. In particular, the new rules will consider cybersecurity incidents to be “significant” if they lasted 15 minutes or more and a “degradation by volume of 25%” of the network was registered.
Original source