
News & Views

Cyberattacks raise OT downtime for CNI firms

Research from SOC-as-a-service provider e2e-assure shows that 80% of critical national infrastructure (CNI) organizations report facing up to £5 million in operational technology (OT) downtime costs following a cyberattack, with a further 23% saying severe incidents have cost their firms over £1 million.

Financial losses are not limited to rare, worst-case scenarios but are becoming a common outcome of incidents affecting essential services and industrial operations. With geopolitical tensions continuing to rise, the research found that 64% of IT decision-makers fear being hit by a nation-state attack. “This fear reflects a shift in how cyber threats are being used, not just for data theft and monetary gain, but to disrupt operations and apply strategic pressure against critical services such as energy, transport and manufacturing,” explains Rob Demain, CEO, e2e-assure. “For OT environments, the impact of this threat is more immediate and tangible than in IT. Industrial systems underpin physical processes, meaning a successful breach can interrupt operations, halt production or affect safety.”

Nation-state actors often exploit common entry points like phishing or stolen credentials to pivot into OT systems, increasing the risk of prolonged disruption if detection and response are slow.  This is reflected in the research findings: the average time from compromise to detection is 52 days, giving attackers ample time to move laterally and reach critical systems undetected.

“This long recovery highlights a growing ‘remediation gap’ in industrial cybersecurity,” says Demain. “Although 31% of organizations can now detect breaches within 12 hours, resolving incidents remains difficult, with one in ten large enterprises taking over a year to fully remediate major breaches. Organizations may be making progress in how quickly they can detect incidents, but that progress is not yet carrying through to remediation and this gap between detection and resolution is leaving OT environments exposed for extended periods. In OT environments, where cyber-physical systems directly support operations and essential services, delays in resolving incidents can have lasting operational and financial consequences.”

Nearly half of all decision-makers report being concerned about insider threats, yet 44% place low importance on OT network visibility. This is worrying, as these are the areas where incidents often go undetected for months or longer.

Common entry points continue to fuel major breaches with many organizations experiencing four or more attacks each year.  The most common repeat attack types include phishing (17%), malware and ransomware (16%), insider threats (15%), and credential theft or account compromise (15%), indicating that attackers continue to rely on established methods, such as email and compromised access, rather than more complex techniques.

Supply chain compromise is another key factor for mid-sized organizations, with 21% reporting four or more incidents linked to suppliers or third parties. CNI organizations report similarly high levels of repeated supply chain compromise and credential theft, both at 21%, showing how trusted access points are frequently being used to gain entry.

Beyond this, organizations are increasingly concerned about longer-term impacts, such as reputational damage (25%) and brand or revenue loss (20%), which are now seen as greater risks than immediate financial impact.  Workforce challenges are also becoming more prominent, with 37% of smaller organizations with between 1,500 and 2,499 employees citing employee loss (staff turnover) after major incidents as a key concern.

On a positive note, around 32% of organizations are using detection platforms originally designed for IT and adapted for OT, indicating that many are extending existing tools to support industrial environments.  However, only 28% report having custom-built OT-specific detection capabilities.

“While adaptation is a positive step, the relatively lower adoption of tailored detection suggests more organizations could benefit from approaches designed specifically for the characteristics of OT systems,” comments Demain.
