Digital Risk Assessment

Digital Risk Assessment

As digital technology plays an increasingly prominent role in day-to-day rail operations, so the industry must prove itself ever-more resilient to emerging threats.

Cyber security, with its focus on protection of IT systems and infrastructure, is only part of the equation.

Digital resilience looks beyond IT processes and across an organisation’s processes, governance and physical assets as well as its interactions with customers, staff and the outside world.

In-depth rail-centric assessments

Applying an approach that  combines the client's Cyber Security Management Plan, IEC 62443 (global standard for the security of Industrial Control System networks) and global best practice from the rail industry,  risk assesssments conducted by Ricardo accommodates the unique characteristics of the rail industry - such as its open and acessable environments - and takes into account the full range of plausible threat sources, including those from non-malicious actors. 

At the end of the process, our client is presented with a detailed, impact--led appraisal of the cyber-risks faced across their operations, prepared with a 'rail mindset' maintained throughout, and accompanied with guidance on prorportionate mitigation measures and recommended next-steps.


  • Security risks identified
  • An organised body of evidence available to regulatory bodies
  • Rail sector knowledge that focuses on areas of highest risk