CNI Cyber Report: Risk & Resilience

Introduction

The demand on our Critical National Infrastructure (CNI) is continually growing. But with increased demand comes increased risks.

While traditionally many CNI organisations may have managed Industrial Control Systems (ICS) and critical applications on their own closed private networks, the rise of the Internet of Things and benefits posed by increased connectivity has created a need to drive convergence between critical operational technology (OT), IT networks and the internet.

This introduces a completely new attack surface and a wider range of threats, making managing risks an even a greater challenge.

Understanding the risks

The evolving landscape leads to some very important questions for the sector and those tasked with keeping organisations resilient and secure. Importantly:

  • How true are the perceived threats and risks to CNI?
  • What are the biggest risks and challenges?
  • Has regulation helped?
  • And what does the future look like for the sector?

The survey

To answer these questions, we commissioned independent research organisation Censuswide to conduct research among 250 UK IT and security decision makers across five key CNI sectors: aviation, chemicals, energy, transport and water.

Understand the key threats facing CNI organisations and how different sectors compare

Key research findings

CNI organisations are facing many challenges, ranging from ageing infrastructure to increased connectivity, a greater volume of attacks, skills shortages and burnout and stress. Key findings from the research include:

  • 78% are confident that their OT systems are protected from cyber threats
  • Yet, 86% have detected cyber attacks on their OT/ ICS environments in the last 12 months
  • And of these, 93% experienced at least one successful attack in the last 12 months
  • 50% have experienced an increase in attacks during the pandemic
  • 85% have felt an increasing pressure to improve cyber security controls for the OT / ICS environment in the last 12 months
  • 84% agree the UK’s CNI industry will be impacted by a critical cyber security skills shortage in the next 3 to 5 years

Understand the key threats facing CNI organisations and how different sectors compare

What our experts say

“The report highlights some nuances between how some CNI organisations perceive their cyber security posture versus reality. Security vulnerabilities, whilst challenging to remediate, could have serious implications, not just in terms of substantial monetary fines but also risks to public safety and even loss of life, so organisations simply cannot afford to be complacent.”

Scott Nicholson, Co-CEO, Bridewell Consulting

Related content

Relieving pressure on the security team

Growing demand is driving up pressure on the CNI. But what is the human impact of this pressure on those working in the CNI sector and how can it be eased?

Visualising CNI cyber risks

We asked 250 UK IT and CNII security decision makers what they think about cyber security in the sector. Download the infographic to see the key findings.

Understanding future challenges

In a world when threats are constantly changing it can be easy to feel left behind. So what challenges can CNI organisations expect to face in 2025 and what needs to be done now

Industry recognised security experts

Address: 40 Caversham Road, Reading, RG1 7EB
Company registration number: 11101195 registered in England & Wales

© 2021 Bridewell Consulting.