Protecting Against Cyber Crime

Our four-year programme will ensure we continue to be resilient to cyber crime and protect our customers

In our 2021 Business Plan, we developed a four-year programme to become more resilient to cyber crime and protect our customers.

This is called our Information Security and Privacy Strategy.


We’re focused on two areas of investment:

Information Cyber Security Strategy

As a central hub for the gas industry, our business – and our key service providers – are targets for cyber attacks.

This investment ensures:

  • we proactively identify cyber threats and attacks and implement effective resilience controls
  • we quickly respond to and manage any incident – and contain its impact

Data Privacy Law Compliance (UK GDPR)

This investment improves our data privacy operations and controls. It reduces the chance of data breaches, along with financial and reputational impacts.


Updates on our progress

Alongside our partner Correla, we’ve continued to increase our defensive and resilience capabilities against cyber-attacks. We’ve continued to particularly focus on securing our business applications that are used across the industry.

We’ve significantly reduced the risk of a successful attack by:

  • building the capability to proactively identify and respond to cyber threats in real-time

  • ensuring any responses to threats pose no interruption to the service we provide to our customers

  • increasing our overall resilience and ensuring high-levels of user awareness across our people

Through these activities, we’re not only continuing to protect our customers’ data, but deterring attackers from attempting in the first place.

Next year will be the final year of our four-year improvement plan. Over this period, we’ll continue to move away from being “just another target” to a secure, robust organisation with rigorous defences and processes.



Our Protecting Against Cyber Crime investment theme will deliver:

  • reduced likelihood and impact of a cyber-attack
  • reduced likelihood of a customer data breach
  • the ability to share better threat intelligence with customers and the industry
  • lower cost to serve (C2S) through the selection of a hybrid operating model
  • faster delivery of individual rights requests for customers
  • full compliance with UK General Data Protection Regulation (GDPR) privacy rules

You can find more information on this investment theme, along with the benefits these activities will deliver, in our 2022 Business Plan.


Get in touch

If you have any questions about this investment theme, or if you'd like to know more, please email