London Daily

Focus on the big picture.
Saturday, Oct 04, 2025

UK cyber security law forcing energy companies to report hacks has led to no reports, despite numerous hacks

UK cyber security law forcing energy companies to report hacks has led to no reports, despite numerous hacks

The threshold to determine whether an incident affecting energy companies is reportable has prevented any reports being made.

A cyber security law introduced three years ago was meant to boost the resilience of the UK's energy sector by obliging gas and electricity firms to report when they were hacked.

But since then not a single report has been made, Sky News can reveal, despite numerous successful hacks of British energy firms attributed to hostile states as well as criminal groups.

Ofgem, the authority that is meant to receive these reports, told Sky News that only one company has ever tried to file a report informing the regulator that it had been hacked, but they were dismissed as the incident did not meet the threshold for being reported.

Ofcom's incident thresholds are based on the impact of an attack on customers


Last year, staff at a little-known company called Elexon - a firm that plays a critical role in balancing and settling payments between power plants and electricity suppliers - was left locked out of its internal systems due to a ransomware attack.

The British government has confirmed that Russian state-sponsored hackers have successfully penetrated the computer networks of the UK's energy grids, without disrupting them.

Former defence secretary Gavin Williamson warned that "thousands and thousands and thousands" of people could be killed if an attempt at disruption was made.

But the high thresholds for companies working across the gas and electricity sectors to report cyber security incidents to Ofgem risks leaving the regulator blind to how the sector is actually coping in the face of these threats.

These thresholds are based on the impact of hacks to the continuity of the companies' services, a metric that does not record the sector's security capabilities, just the intentions of the attackers.

Dr Jamie Collier, a threat intelligence consultant at FireEye, told Sky News that the thresholds could be useful considering the varying levels of sophistication across attacks on critical infrastructure organisations, allowing defenders to "focus on what really matters".

But the cyber security expert added: "Despite this, essential service providers and regulators should be careful not to neglect the threat posed from less sophisticated attacks."

FireEye has detected an increase in critical infrastructure incidents caused by novice hackers due to the growing availability of tools enabling these hackers to interact with industrial control systems.

The company also warns that multiple, highly-prolific criminal organisations with a financial motivation are currently "active inside essential service provider networks with the intent of profiting from a ransom of stolen information and disrupted services".

FireEye warns that novice hackers are now targeting industrial control systems.


"Most of the concern around cyber security has been focused on operational technology (OT) networks that interact with physical processes and machinery, such as power plant equipment or water treatment facilities," Dr Collier explained.

"Yet the traditional information technology (IT) networks that involve the flow of data - such as file storage or email - should not be neglected. This is because whilst the impact of malicious activity can be far more severe against OT systems, these attacks typically start out on IT networks. It is therefore vital to consider security across an entire service provider's infrastructure."

Dr Collier stressed that critical infrastructure providers "deserve credit for their use of fail-safe mechanisms that can mitigate the destructive impacts of many attacks".

Responding to Sky News, a government spokesperson said: "The UK's critical infrastructure is extremely well protected and over the past five years we have invested £1.9bn in the National Cyber Security Strategy to ensure our systems remain secure and reliable."

They added that a formal review of the impact of the cyber security law, the Network & Information Systems Regulations, will take place within the next 12 months.

Newsletter

Related Articles

0:00
0:00
Close
Trump Administration Launches “TrumpRx” Plan to Enable Direct Drug Sales at Deep Discounts
Trump Announces Intention to Impose 100 Percent Tariff on Foreign-Made Films
Altman Says GPT-5 Already Outpaces Him, Warns AI Could Automate 40% of Work
Singapore and Hong Kong Vie to Dominate Asia’s Rising Gold Trade
Trump Organization Teams with Saudi Developer on $1 Billion Trump Plaza in Jeddah
Manhattan Sees Surge in Office-to-Housing Conversions, Highest Since 2008
Switzerland and U.S. Issue Joint Assurance Against Currency Manipulation
Electronic Arts to Be Taken Private in Historic $55 Billion Buyout
Thomas Jacob Sanford Named as Suspect in Deadly Michigan Church Shooting and Arson
Russian Research Vessel 'Yantar' Tracked Mapping Europe’s Subsea Cables, Raising Security Alarms
New York Man Arrested After On-Air Confession to 2017 Parents’ Murders
U.S. Defense Chief Orders Sudden Summit of Hundreds of Generals and Admirals
Global Cruise Industry Posts Dramatic Comeback with 34.6 Million Passengers in 2024
Trump Claims FBI Planted 274 Agents at Capitol Riot, Citing Unverified Reports
India: Internet Suspended in Bareilly Amid Communal Clashes Between Muslims and Hindus
Supreme Court Extends Freeze on Nearly $5 Billion in U.S. Foreign Aid at Trump’s Request
Archaeologists Recover Statues and Temples from 2,000-Year-Old Sunken City off Alexandria
China Deploys 2,000 Workers to Spain to Build Major EV Battery Factory, Raising European Dependence
Speed Takes Over: How Drive-Through Coffee Chains Are Rewriting U.S. Coffee Culture
U.S. Demands Brussels Scrutinize Digital Rules to Prevent Bias Against American Tech
Ringo Starr Champions Enduring Beatles Legacy While Debuting Las Vegas Art Show
Private Equity’s Fundraising Surge Triggers Concern of European Market Shake-Out
Colombian President Petro Vows to Mobilize Volunteers for Gaza and Joins List of Fighters
FBI Removes Agents Who Kneeled at 2020 Protest, Citing Breach of Professional Conduct
Trump Alleges ‘Triple Sabotage’ at United Nations After Escalator and Teleprompter Failures
Shock in France: 5 Years in Prison for Former President Nicolas Sarkozy
Tokyo’s Jimbōchō Named World’s Coolest Neighbourhood for 2025
European Officials Fear Trump May Shift Blame for Ukraine War onto EU
BNP Paribas Abandons Ban on 'Controversial Weapons' Financing Amid Europe’s Defence Push
Typhoon Ragasa Leaves Trail of Destruction Across East Asia Before Making Landfall in China
The Personality Rights Challenge in India’s AI Era
Big Banks Rebuild in Hong Kong as Deal Volume Surges
Italy Considers Freezing Retirement Age at 67 to Avert Scheduled Hike
Italian City to Impose Tax on Visiting Dogs Starting in 2026
Arnault Denounces Proposed Wealth Tax as Threat to French Economy
Study Finds No Safe Level of Alcohol for Dementia Risk
Denmark Investigates Drone Incursion, Does Not Rule Out Russian Involvement
Lilly CEO Warns UK Is ‘Worst Country in Europe’ for Drug Prices, Pulls Back Investment
Nigel Farage Emerges as Central Force in British Politics with Reform UK Surge
Disney Reinstates ‘Jimmy Kimmel Live!’ after Six-Day Suspension over Charlie Kirk Comments
U.S. Prosecutors Move to Break Up Google’s Advertising Monopoly
Nvidia Pledges Up to $100 Billion Investment in OpenAI to Power Massive AI Data Center Build-Out
U.S. Signals ‘Large and Forceful’ Support for Argentina Amid Market Turmoil
Nvidia and Abu Dhabi’s TII Launch First AI-&-Robotics Lab in the Middle East
Vietnam Faces Up to $25 Billion Export Loss as U.S. Tariffs Bite
Europe Signals Stronger Support for Taiwan at Major Taipei Defence Show
Indonesia Court Upholds Military Law Amid Concerns Over Expanded Civilian Role
Larry Ellison, Michael Dell and Rupert Murdoch Join Trump-Backed Bid to Take Over TikTok
Trump and Musk Reunite Publicly for First Time Since Fallout at Kirk Memorial
Vietnam Closes 86 Million Untouched Bank Accounts Over Biometric ID Rules
×