British Train Operating Companies (TOCs) are presented with a massive opportunity to get their cyber technology right. The EU saw the need for information security to boost the safety and delivery of essential services. Essential services contribute to the critical national infrastructure – in terms of importance, transport is the bloodstream of UK Plc. The EU put its vision into the European Regulations of Network and Information Services (NIS) in 2016. By May 2018, information security compliance was British law. The NIS Law covered transport as well as other essential facilities such as the provision of gas, electricity, drinking water and Internet bandwidth. It recognised that without information security there can be no guarantee that these essential services will be delivered. But has compliance been achieved since then? Has it been “sorted”? Current evidence suggests the journey has some way to go, certainly with Train Operating Companies. Increasingly, this nation’s essential services are under cyber threat. The threat landscape is examined in many articles – a fair rendition can be seen at https://www.il7security.com/.