Complete Cyber is a RISQS-Verified Supplier, Here’s What That Means

Following our previous post, “What is RISQS and Why It Matters for Railway Cybersecurity”, we explained why being RISQS Accredited and on the RISQS Approved Supplier List is essential for railway suppliers—especially in today’s cybersecurity landscape. 

The importance of this has never been clearer than in real-world incidents like the recent cyber attack on Ukraine’s railways.

Ukraine’s Railway 2025 Cyber Attack

In late March 2025, Ukraine’s state operator, Ukrzaliznnytsia, experienced a major cyber attack targeting their ticketing and freight systems. This outage began on 23rd of March, forcing passengers to purchase tickets manually due to IT failures, whilst freight logistics were also disrupted. 

• By 27th of March, the ticketing system had been partially restored in a backup format, handling over 12,000 ticket purchases upon relaunch.

• However, by 9th of April, only about half of its affected IT services had returned online, with full recovery projected to take one to two weeks.

Despite this, critical OT systems such as signaling and actual train movements remained operational, thanks to robust backup and incident response protocols.

Why This Matters for RISQS Verified Suppliers Like Complete Cyber

1. Proof of Resilience vs. Real Threats

RISQS accreditation goes beyond theory. It demands that suppliers demonstrate safety, technical competence, and crisis readiness. The Ukraine example shows attackers can still get into the systems, so verified suppliers must provide rapid recovery and backup solutions—not just prevention.

2. OT Security in Practice

Whilst the attack mainly hit IT services, it highlighted the risk to OT-adjacent systems like ticketing and also logistics. As a RISQS Verified Cybersecurity provider, we ensure you’re protected across IT and OT domains—whether securing CBTC systems, SCADA networks, or asset tracking.

3. Procurement Confidence

Rail operators selecting vendors from the RISQS Supplier List like Complete Cyber can trust that we have been vetted not only for compliance but also for practical incident response capabilities—essential in high-stakes environments.

How Our RISQS Approved Services Provide Complete Cyber Resilience?

As a RISQS Verified Supplier, our services are designed to defend against and recover from incidents similar to Ukraine’s attack:

• OT & IT Risk Assessments: This is to uncover vulnerabilities before they become critical.

• Penetration Testing & Simulations: Validate resilience under threat.

• Incident Response Plans & Crisis Playbooks: Ensure swift recovery even mid-attack.

• Continuous Compliance Checks: Maintain RISQS standards and certifications like ISO 27001 and Cyber Essentials and Cyber Essentials Plus.

What This Means for UK Rail Operators?

• Choose with confidence: Working with us as a RISQS Verified Supplier means you’re working with a team that can defend, detect, and react even under pressure.

• Stay prepared: Incidents, like the Ukraine attack, happen. Being RISQS accredited means you’re prepped before any incidents strike.

• Secure the complete picture: We don’t just tick a compliance box—we ensure your rail systems remain safe, operational, and resilient.

In Summary

The cyber attack on Ukraine’s rail network shows that even well-prepared operators are vulnerable. With RISQS accreditation, suppliers like Complete Cyber are positioned to provide not just compliance, but practical resilience and rapid recovery. In rail cybersecurity, compliance is just the start. What matters is being ready and staying ready.

If you’re a rail operator, system integrator, or contractor looking to enhance your cybersecurity posture, check out the RISQS Approved Supplier List using our Supplier ID: 9975—or contact us directly to see how we can support your next project. 

Learn about our work on Railway Operational Technology from real life case studies such as Network Rail, West Midlands Class 196 Train Fleet, NRTMS Romford and Wales.