CNI Cyber Report: Risk & Resilience


The demand on our Critical National Infrastructure (CNI) is continually growing. But with increased demand comes increased risks.

While traditionally many CNI organisations may have managed Industrial Control Systems (ICS) and critical applications on their own closed private networks, the rise of the Internet of Things and benefits posed by increased connectivity has created a need to drive convergence between critical operational technology (OT), IT networks and the internet.

This introduces a completely new attack surface and a wider range of threats, making managing risks an even a greater challenge.

Understanding the risks

The evolving landscape leads to some very important questions for the sector and those tasked with keeping organisations resilient and secure. Importantly:

The survey

To answer these questions, we commissioned independent research organisation Censuswide to conduct research among 250 UK IT and security decision makers across five key CNI sectors: aviation, chemicals, energy, transport and water.

Understand the key threats facing CNI organisations and how different sectors compare

Key research findings

CNI organisations are facing many challenges, ranging from ageing infrastructure to increased connectivity, a greater volume of attacks, skills shortages and burnout and stress. Key findings from the research include:

Understand the key threats facing CNI organisations and how different sectors compare

What our experts say

“The report highlights some nuances between how some CNI organisations perceive their cyber security posture versus reality. Security vulnerabilities, whilst challenging to remediate, could have serious implications, not just in terms of substantial monetary fines but also risks to public safety and even loss of life, so organisations simply cannot afford to be complacent.”

Scott Nicholson, Co-CEO, Bridewell Consulting

Related content

Relieving pressure on the security team

Growing demand is driving up pressure on the CNI. But what is the human impact of this pressure on those working in the CNI sector and how can it be eased?

Visualising CNI cyber risks

We asked 250 UK IT and CNII security decision makers what they think about cyber security in the sector. Download the infographic to see the key findings.

Understanding future challenges

In a world when threats are constantly changing it can be easy to feel left behind. So what challenges can CNI organisations expect to face in 2025 and what needs to be done now

Industry recognised security experts


© Copyright 2022 – Bridewell Consulting

Bridewell Consulting Limited Limited is a company registered in England and Wales.
VAT Registration No: 386809347 | Company Registration No: 11101195.
Registered Office: 40 Caversham Road, Reading, RG1 7EB