UK Critical National Infrastructure (CNI) organizations are facing a growing threat from cyber attacks, with ransomware being a particular concern. A recent study conducted by Bridewell, a prominent cyber security services provider based in the UK, revealed that one-third of CNI organizations targeted by ransomware have admitted to paying the ransom. This practice has sparked heated debates within the industry, as many experts advocate against giving in to ransom demands.
In addition to the ransomware issue, the study also found that a staggering 95% of UK CNI organizations experienced a data breach in the past year. These breaches have come at a significant financial cost, with over half (54%) of organizations reporting losses exceeding £100,000 per breach. The expenses associated with cyber security upgrades, systems recovery, and increased operational costs have contributed to the substantial financial impact of these breaches.
The report highlighted ransomware, phishing, and unauthorized access as the top three most frequent types of cyber attacks targeting UK CNI organizations. These threats continue to pose significant challenges for organizations across various sectors of critical national infrastructure. The findings were based on a survey of over 600 cyber security professionals working in UK CNI organizations and provided valuable insights into the current state of cyber security within these critical sectors.
One key challenge identified in the report is the speed of incident response, with only 22% of organizations able to respond to a ransomware attack within an hour. However, 69% of organizations reported being able to respond within six hours. Improving incident detection speed has emerged as a top priority for UK CNI organizations, reflecting the need for quicker responses to cyber threats.
Cloud services were identified as a prime target for cyber attacks across IT and OT environments within UK CNI sectors. The study found that cloud services have become the most targeted attack vector, followed by web browsing and internet access. Data protection also emerged as a significant concern, with 90% of organizations expressing worries about meeting compliance requirements in this area.
Another notable trend highlighted in the report is the rising threat of AI-driven cyber attacks. Artificial intelligence is reshaping the cyber threat landscape, with AI-driven phishing identified as the top AI-powered attack vector. Automated hacking and AI-powered botnets were also cited as significant concerns. Despite these threats, a remarkable 95% of UK CNI organizations are integrating AI-driven tools into their operations.
The study also raised concerns about the maturity of cyber security strategies within UK CNI organizations. While 90% of respondents believed they had mature IT cyber security strategies, only a quarter were following best practices for cyber risk assessments. Confidence in Operational Technology (OT) security maturity was even lower, with just 34% describing their OT security as “very mature.”
To address the cyber security talent gap, UK CNI organizations are focusing on reskilling current employees, outsourcing to external partners, and developing apprenticeship programs. Supply chain vulnerabilities also persist, with only 42% of organizations expressing confidence in their ability to handle supply chain cyber threats. Fifty-seven percent of respondents experienced a supply chain attack in the past year, with firmware attacks, data interception and tampering, and third-party service provider breaches being the top three supply chain attacks reported.
In response to the study findings, Anthony Young, CEO at Bridewell, emphasized the importance of prioritizing rapid incident detection and response, strengthening cyber security maturity, and enhancing resilience against supply chain risks. With AI playing an increasingly prominent role in cyber attacks and defenses, organizations must remain proactive in safeguarding critical infrastructure and national security, especially in the face of a challenging geopolitical climate.
As cyber threats continue to evolve, UK CNI organizations are urged to stay vigilant and proactive in their cyber security efforts. The full report from Bridewell provides valuable insights and recommendations for organizations looking to enhance their cyber security posture and protect critical national infrastructure from sophisticated cyber threats.