In the face of growing cyberthreats against critical national infrastructure, the NIS Directive is a wake-up call to all organisations in those sectors. When the NIS Directive becomes part of UK law in May 2018, companies that provide essential services that underpin everyday life and the economy such aswater, electricity, gas, transport, digital infrastructure, and healthcare face fines of up to 17m for failures in cybersecurity that leave them vulnerable to attack.