

CS&R Bill Debrief: What It Means for UK Critical Infrastructure and Financial Services
In 28 days, the NCSC is pulling the plug on Web Check and Mail Check. The free tools that thousands of UK organisations have used to monitor
The timing is worth paying attention to. The Cyber Security and Resilience Bill just cleared committee in the Commons last week. When it passes, operators of essential services, digital service providers, managed service providers, and data centre operators all face strengthened security and incident reporting duties backed by fines up to £17 million or 4% of global turnover. Regulators also get a new "critical supplier" designation power that lets them pull key vendors into the regime if a failure could disrupt essential services.
For financial services, the exposure is indirect but real. Banks and insurers sit outside NIS, with primary supervision staying under BoE, PRA, and FCA. But the infrastructure and managed services they consume are squarely in scope. As regulators impose stronger supply-chain duties on NIS-regulated providers, BFSI organisations will need to tighten third-party risk management, contractual controls, and technical assurance across those relationships. Your regulators are still BoE, PRA, and FCA. But your providers' regulators just got sharper teeth.
And here's what doesn't show up in the regulatory language: the people targeting UK critical infrastructure right now are not theoretical. Cracken's founding team built and operated their tools defending Ukrainian critical infrastructure against nation-state attacks. The tradecraft targeting UK networks isn't unfamiliar to us.
Cracken is hosting a 60-minute session for UK critical infrastructure and financial services security leaders. No product demo. A debrief.
We'll cover:
The Web Check shutdown and what it actually means for external exposure validation when the free option disappears
What the Cyber Security and Resilience Bill requires of in-scope organisations, and why the supply-chain obligations make it a BFSI problem too
Why vulnerability scanners tell you what's wrong but not what's exploitable, and why that distinction matters under the new regime
How nation-state reconnaissance campaigns are structured today, based on what we saw firsthand
How to scale penetration testing to match the speed regulators now expect without losing governance or audit trails
Who should be in the room
CISOs and Security Directors at UK critical infrastructure organisations: energy, telecoms, water, healthcare, transport.
Compliance and Risk Leaders staring down the CS&R Bill timeline.
Financial services security and third-party risk leaders whose providers are now in scope.
Red Team leads who need to do more with the same headcount.
IT Security Managers who can't afford blind spots when the NCSC tools go dark.