{"id":5066,"date":"2026-04-04T11:38:03","date_gmt":"2026-04-04T11:38:03","guid":{"rendered":"https:\/\/ft365.org\/index.php\/2026\/04\/04\/most-cni-firms-face-up-to-5m-in-downtime-from-ot-attacks\/"},"modified":"2026-04-04T11:38:03","modified_gmt":"2026-04-04T11:38:03","slug":"most-cni-firms-face-up-to-5m-in-downtime-from-ot-attacks","status":"publish","type":"post","link":"https:\/\/ft365.org\/index.php\/2026\/04\/04\/most-cni-firms-face-up-to-5m-in-downtime-from-ot-attacks\/","title":{"rendered":"Most CNI Firms Face Up to \u00a35m in Downtime from OT Attacks"},"content":{"rendered":"<div>\n<p><img decoding=\"async\" src=\"https:\/\/ft365.org\/wp-content\/uploads\/2025\/06\/localimages\/ea721ff9-8ba4-4d88-b386-57e9e1606077.jpg?width=64&#038;height=64&#038;mode=crop&#038;scale=both&#038;format=webp\" alt=\"Photo of Phil Muncaster\" loading=\"lazy\"><\/p>\n<\/div>\n<div id=\"cphContent_pnlArticleBody\" data-layout-id=\"2\" data-edit-folder-name=\"text\" data-index=\"0\">\n<p>The vast majority (80%) of critical national infrastructure (CNI) providers in the UK face downtime costs of between \u00a3100,000 ($132,144) and \u00a35m ($6.6m) from cyber-attacks that disrupt their operational technology (OT), according to e2e-assure.<\/p>\n<p>The SOC-as-a-service provider polled 250 cybersecurity decision makers in CNI sectors including manufacturing, energy, utilities, transport and retail to better understand the impact of cyber threats.<\/p>\n<p>It claimed that around a quarter (23%) of OT downtime incidents costs businesses over \u00a31m, with 6% exceeding \u00a35m.<\/p>\n<p>That might explain why nearly two-thirds (64%) of those polled said they are afraid of nation-state attacks.<\/p>\n<p><em>Read more on CNI threats: UK: Regulation Drives Cyber Spending for Critical Infrastructure Orgs.<\/em><\/p>\n<p>\u00a0\u201cThis fear reflects a shift in how cyber-threats are being used, not just for data theft and monetary gain, but to disrupt operations and apply strategic pressure against critical services such as energy, transport and manufacturing,\u201d said Rob Demain, CEO at e2e-assure.<\/p>\n<p>\u201cFor OT environments, the impact of this threat is more immediate and tangible than in IT. Industrial systems underpin physical processes, meaning a successful breach can interrupt operations, halt production or affect safety.\u201d<\/p>\n<h2><strong>Iran Threat Increases Tension<\/strong><\/h2>\n<p>The threat of OT disruption has arguably increased in recent weeks with the US-Israel bombing of Iran. The country\u2019s hacking capabilities cannot match Russia\u2019s or China\u2019s for scale or sophistication, but it has previously been able to hijack CNI networks.<\/p>\n<p>In 2024, Five Eyes intelligence agencies warned of a year-long campaign where Iranian hackers used password spraying and MFA-bombing techniques to gain a foothold in the networks of healthcare, government, IT, engineering and energy companies.<\/p>\n<p>Last year, a report from the Intelligence and Security Committee (ISC) warned that \u201cit is unlikely that all UK entities are able to detect or defend against Iranian offensive cyber activity.\u201d<\/p>\n<h2><strong>OT Systems Are Exposed<\/strong><\/h2>\n<p>E2e-assure warned that nation states often use phishing or compromised credentials as an entry point into IT systems, before pivoting to OT environments. A lack of visibility into malicious activity is hindering response efforts, it added.<\/p>\n<p>Although nearly a third (31%)\u00a0of responding organizations claimed they can detect breaches within 12 hours, 10% of large enterprises take over a year\u00a0to\u00a0remediate incidents, the report noted.<\/p>\n<p>Over two-fifths (44%) said they are &#8220;least concerned&#8221; about visibility into OT network activity.\u00a0<\/p>\n<p>Supply chain compromise is also a major risk factor: 21% of mid-sized organizations reported four or more incidents linked\u00a0to\u00a0suppliers or third parties in the past year.<\/p>\n<p>In terms of business impact, reputational damage (25%) and brand or revenue loss (20%) are among the top concerns for security leaders, although in small organizations staff turnover (37%) also figured prominently.<\/p>\n<\/p><\/div>\n","protected":false},"excerpt":{"rendered":"<p>The vast majority (80%) of critical national infrastructure (CNI) providers in the UK face downtime costs of between \u00a3100,000 ($132,144) and \u00a35m ($6.6m) from cyber-attacks that disrupt their operational technology (OT), according to e2e-assure. The SOC-as-a-service provider polled 250 cybersecurity decision makers in CNI sectors including manufacturing, energy, utilities, transport and retail to better understand<\/p>\n","protected":false},"author":2,"featured_media":5067,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-5066","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-uncategorized"],"featured_image_urls":{"full":["https:\/\/ft365.org\/wp-content\/uploads\/2026\/04\/5066-f00a1948-af59-49ef-8efe-8846e4cbc2cb.jpg",300,300,false],"thumbnail":["https:\/\/ft365.org\/wp-content\/uploads\/2026\/04\/5066-f00a1948-af59-49ef-8efe-8846e4cbc2cb-150x150.jpg",150,150,true],"medium":["https:\/\/ft365.org\/wp-content\/uploads\/2026\/04\/5066-f00a1948-af59-49ef-8efe-8846e4cbc2cb.jpg",300,300,false],"medium_large":["https:\/\/ft365.org\/wp-content\/uploads\/2026\/04\/5066-f00a1948-af59-49ef-8efe-8846e4cbc2cb.jpg",300,300,false],"large":["https:\/\/ft365.org\/wp-content\/uploads\/2026\/04\/5066-f00a1948-af59-49ef-8efe-8846e4cbc2cb.jpg",300,300,false],"1536x1536":["https:\/\/ft365.org\/wp-content\/uploads\/2026\/04\/5066-f00a1948-af59-49ef-8efe-8846e4cbc2cb.jpg",300,300,false],"2048x2048":["https:\/\/ft365.org\/wp-content\/uploads\/2026\/04\/5066-f00a1948-af59-49ef-8efe-8846e4cbc2cb.jpg",300,300,false],"morenews-featured":["https:\/\/ft365.org\/wp-content\/uploads\/2026\/04\/5066-f00a1948-af59-49ef-8efe-8846e4cbc2cb.jpg",300,300,false],"morenews-large":["https:\/\/ft365.org\/wp-content\/uploads\/2026\/04\/5066-f00a1948-af59-49ef-8efe-8846e4cbc2cb.jpg",300,300,false],"morenews-medium":["https:\/\/ft365.org\/wp-content\/uploads\/2026\/04\/5066-f00a1948-af59-49ef-8efe-8846e4cbc2cb.jpg",300,300,false],"crawlomatic_preview_image":["https:\/\/ft365.org\/wp-content\/uploads\/2026\/04\/5066-f00a1948-af59-49ef-8efe-8846e4cbc2cb-146x146.jpg",146,146,true]},"author_info":{"display_name":"henry","author_link":"https:\/\/ft365.org\/index.php\/author\/henry\/"},"category_info":"<a href=\"https:\/\/ft365.org\/index.php\/category\/uncategorized\/\" rel=\"category tag\">Uncategorized<\/a>","tag_info":"Uncategorized","comment_count":"0","_links":{"self":[{"href":"https:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/posts\/5066","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/comments?post=5066"}],"version-history":[{"count":0,"href":"https:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/posts\/5066\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/media\/5067"}],"wp:attachment":[{"href":"https:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/media?parent=5066"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/categories?post=5066"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/tags?post=5066"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}