CNI Firms Face Up to £5m in Downtime from OT Attacks
Basically, many critical services could lose millions if cyber-attacks disrupt their operations.
A new report reveals that 80% of critical infrastructure firms could face up to £5 million in downtime from cyber-attacks. This poses a significant risk to essential services. Organizations must enhance their cybersecurity measures to mitigate these threats.
What Happened
According to a recent report by e2e-assure, 80% of critical national infrastructure (CNI) providers in the UK face significant financial risks from cyber-attacks targeting their operational technology (OT). The report highlights that these firms could incur downtime costs ranging from £100,000 to £5 million due to such disruptions.
Who's Affected
The report surveyed 250 cybersecurity decision-makers across various sectors, including manufacturing, energy, utilities, transport, and retail. Notably, 23% of downtime incidents cost organizations over £1 million, with 6% exceeding £5 million. This alarming trend raises concerns about the resilience of critical services that society relies on daily.
What Data Was Exposed
While the report does not specify data exposure, it emphasizes the operational impact of cyber threats. The fear of nation-state attacks is prevalent, with 64% of respondents expressing concern. This reflects a shift in cyber threats, focusing not just on data theft but also on disrupting essential services.
The Threat
The threat landscape for CNI firms has intensified, particularly following geopolitical tensions, such as the US-Israel bombing of Iran. Although Iranian hacking capabilities are not as advanced as those of Russia or China, they have previously targeted CNI networks. In 2024, Five Eyes intelligence agencies warned of a year-long campaign where Iranian hackers exploited vulnerabilities in healthcare, government, and energy sectors.
Tactics & Techniques
Cybercriminals often gain access to OT systems through phishing or compromised credentials. E2e-assure noted that a lack of visibility into malicious activities hampers response efforts. While 31% of organizations claim they can detect breaches within 12 hours, 10% of large enterprises take over a year to remediate incidents. Alarmingly, 44% of respondents expressed minimal concern about visibility into OT network activity.
Defensive Measures
To mitigate these risks, organizations must enhance their cybersecurity posture. This includes improving visibility into OT environments and establishing robust incident response protocols. Additionally, addressing supply chain vulnerabilities is crucial, as 21% of mid-sized organizations reported multiple incidents linked to third parties in the past year.
Conclusion
The findings underscore the urgent need for CNI firms to bolster their defenses against cyber threats. With the potential for millions in downtime costs, investing in cybersecurity is not just a precaution but a necessity to ensure the continuity of essential services.