On 13 January 2023, the UK Office of Communications (Ofcom) closed the public consultation on the proposed changes to the Network and Information Systems (NIS) Guidance for the Digital Infrastructure Sector. The proposed changes aim to lower the cybersecurity incident reporting thresholds for Operators of Essential Services (OES). According to Ofcom, lowering the reporting thresholds will improve the visibility of incidents impacting UK users and help providers to identify significant cyber security and resilience gaps. In particular, the new rules will consider cybersecurity incidents to be “significant” if they lasted 15 minutes or more and a “degradation by volume of 25%” of the network was registered. A statement from Ofcom and the final guidance will be issued in Spring 2023.
Original source