| Cybersecurity Risk Management and Strategy Disclosure | 12 Months Ended Mar. 31, 2026 |
|---|---|
| Cybersecurity Risk Management, Strategy, and Governance [Line Items] | |
| Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block] | Cyber security risk is overseen and continuously monitored by the Group Executive and the Board. We apply the NIST cyber security framework to identify, assess, monitor and respond to cyber security risks, supported by a risk management process aligned to the Group’s ERM Framework and covering all IT and operational technology assets including systems and data, legacy technology risk and those operated by third parties. Our cyber security risks are managed via the “Three Lines” model, supplemented by external specialist support including cyber security firms, providing independent validation of our approach and specialist expertise for specific regulatory requirements and technologies. Further assurance is obtained through risk assessments, penetration testing, adversary simulation, incident response exercises and compromise assessments. An independent Supply Chain Risk Management (SCRM) function identifies and oversees cyber risks arising from third‑party service providers, with controls implemented by SCRM that are proportionate to the supplier’s access to Group systems and the sensitivity of data processed. There have been no cyber security incidents to date that have materially impacted the Group’s business strategy, results of operations or financial condition. Notwithstanding this, we recognise that the cyber threat environment for critical infrastructure providers remains highly challenging and dynamic. We recognise that digital transformation blurs the boundary between physical and cyber security. Modern hybrid threats can combine common cyber attacks with physical dimensions such as intrusion or sabotage. We have emphasised a converged model that strengthens our ability to detect, prevent and respond to these complex, multi-vector threats, providing a more robust and resilient security framework.
| Cybersecurity Risk Management Processes Integrated [Flag] | true |
| Cybersecurity Risk Management Processes Integrated [Text Block] | Cyber security risk is overseen and continuously monitored by the Group Executive and the Board. We apply the NIST cyber security framework to identify, assess, monitor and respond to cyber security risks, supported by a risk management process aligned to the Group’s ERM Framework and covering all IT and operational technology assets including systems and data, legacy technology risk and those operated by third parties
| Cybersecurity Risk Management Third Party Engaged [Flag] | true |
| Cybersecurity Risk Third Party Oversight and Identification Processes [Flag] | true |
| Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag] | false |
| Cybersecurity Risk Board of Directors Oversight [Text Block] | The Board is responsible for oversight of cyber security. The Audit & Risk Committee regularly reviews reporting on our approach to cyber security risk management and developments throughout the year. National Grid’s Chief Information and Digital Officer (CIDO) and Chief Information Security Officer (CISO) regularly attend the Audit & Risk Committee and hold additional briefings to the Board at least once per year. The Audit & Risk Committee and Board work collaboratively to ensure oversight with the proper focus of each respective Board committee. Cyber risk reporting includes, among other things, current and emerging cyber security threats to National Grid and relevant sectors, the status of key risk indicators and controls, the results of any relevant internal or external assessments, key incidents escalated to management during the prior and current reporting period and the status of cyber security improvement programmes. At the executive and management level, the CIDO is the owner of the cyber security risk and the CISO has primary responsibility for the development, operation and maintenance of National Grid’s cyber security programme. Under the CISO’s oversight, National Grid’s cyber security team implements and provides governance and functional oversight for cyber security services, controls and processes. In line with our ERM Framework, cyber security processes include the escalation of material risks and incidents, including those that originate or occur from third parties, through the organisation to the Group Executive Committee, Audit & Risk Committee and Board as appropriate, based on an assessment of likelihood and severity of impact.
| Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block] | The Audit & Risk Committee regularly reviews reporting on our approach to cyber security risk management and developments throughout the year.
| Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block] | The Audit & Risk Committee regularly reviews reporting on our approach to cyber security risk management and developments throughout the year. National Grid’s Chief Information and Digital Officer (CIDO) and Chief Information Security Officer (CISO) regularly attend the Audit & Risk Committee and hold additional briefings to the Board at least once per year. The Audit & Risk Committee and Board work collaboratively to ensure oversight with the proper focus of each respective Board committee.
| Cybersecurity Risk Role of Management [Text Block] | National Grid’s Chief Information and Digital Officer (CIDO) and Chief Information Security Officer (CISO) regularly attend the Audit & Risk Committee and hold additional briefings to the Board at least once per year. The Audit & Risk Committee and Board work collaboratively to ensure oversight with the proper focus of each respective Board committee. Cyber risk reporting includes, among other things, current and emerging cyber security threats to National Grid and relevant sectors, the status of key risk indicators and controls, the results of any relevant internal or external assessments, key incidents escalated to management during the prior and current reporting period and the status of cyber security improvement programmes. At the executive and management level, the CIDO is the owner of the cyber security risk and the CISO has primary responsibility for the development, operation and maintenance of National Grid’s cyber security programme. Under the CISO’s oversight, National Grid’s cyber security team implements and provides governance and functional oversight for cyber security services, controls and processes. In line with our ERM Framework, cyber security processes include the escalation of material risks and incidents, including those that originate or occur from third parties, through the organisation to the Group Executive Committee, Audit & Risk Committee and Board as appropriate, based on an assessment of likelihood and severity of impact.
| Cybersecurity Risk Management Positions or Committees Responsible [Flag] | true |
| Cybersecurity Risk Management Positions or Committees Responsible [Text Block] | National Grid’s Chief Information and Digital Officer (CIDO) and Chief Information Security Officer (CISO) regularly attend the Audit & Risk Committee and hold additional briefings to the Board at least once per year. The Audit & Risk Committee and Board work collaboratively to ensure oversight with the proper focus of each respective Board committee.
| Cybersecurity Risk Management Expertise of Management Responsible [Text Block] | Chief Information and Digital Officer (CIDO) and Chief Information Security Officer (CISO) regularly attend the Audit & Risk Committee and hold additional briefings to the Board at least once per year.
| Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block] | Cyber risk reporting includes, among other things, current and emerging cyber security threats to National Grid and relevant sectors, the status of key risk indicators and controls, the results of any relevant internal or external assessments, key incidents escalated to management during the prior and current reporting period and the status of cyber security improvement programmes. At the executive and management level, the CIDO is the owner of the cyber security risk and the CISO has primary responsibility for the development, operation and maintenance of National Grid’s cyber security programme. Under the CISO’s oversight, National Grid’s cyber security team implements and provides governance and functional oversight for cyber security services, controls and processes. In line with our ERM Framework, cyber security processes include the escalation of material risks and incidents, including those that originate or occur from third parties, through the organisation to the Group Executive Committee, Audit & Risk Committee and Board as appropriate, based on an assessment of likelihood and severity of impact.
| Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag] | true |