Trust in cybersecurity tools among critical national infrastructure (CNI) providers is declining [3], driven by concerns over nation-state attacks, particularly from China and Russia [1].

Description

A recent Bridewell report [3], based on interviews with over 1000 CISOs at CNI providers in the US and UK [3], found a 121% increase in the ranking of trust in cybersecurity tools as a top challenge [3]. Additionally, 74% of respondents expressed worries about Chinese state actors, while 73% were concerned about Russian state operatives. Cybersecurity budgets have also declined sharply [3], with reductions in the IT and OT budgets allocated to cybersecurity [3].

Despite financial constraints, nearly a third of CNI respondents who were victims of ransomware attacks last year admitted to paying their extortionists [3]. Bridewell cautioned about the legal risks associated with ransom payments and the psychological impact on employees. CEO Anthony Young stressed the importance of implementing robust security strategies to mitigate risks and prevent the need to pay ransoms.

Bridewell research on UK Critical National Infrastructure (CNI) reveals the high risks of ransomware attacks [2], with 60% of surveyed organizations experiencing at least one attack in the past year [2]. The potential consequences of ransomware attacks include financial losses [2], reputational damage [2], disruption [2], downtime [2], data loss [2], and increased insurance premiums [2]. The average cost of a ransomware attack on UK CNI organizations is £295,230 [2], with response delays exacerbating the impacts [2]. The sophistication of attacks is increasing [2], with ransomware-as-a-service (RaaS) being deployed with greater knowledge and cunning [2]. Bridewell CEO Anthony Young advises organizations to have a proactive security strategy in place to reduce the risk of falling victim to ransomware attacks [2].

Conclusion

The impacts of ransomware attacks on CNI organizations are significant, with financial losses [2], reputational damage [2], and operational disruptions being key concerns. Mitigating these risks requires implementing robust security strategies and avoiding the need to pay ransoms. As ransomware attacks become more sophisticated, organizations must stay vigilant and proactive in their cybersecurity measures to protect critical infrastructure.

References

[1] https://thecyberwire.com/podcasts/daily-podcast/2049/transcript
[2] https://www.adsadvance.co.uk/bridewell-research-reveals-uk-cni-ransomware-risks.html
[3] https://www.infosecurity-magazine.com/news/trust-cyber-cni-budgets-flatline/