A third (34 per cent) of organisations across UK critical national infrastructure (CNI) anticipate a rise in cyber crime as a direct result of the current economic crisis, according to new research by a cyber security services firm.
For a ‘Cyber Security in CNI: 2023’ report, after a survey of 500 cyber security decision makers in the UK, in the transport and aviation, utilities, finance, government, and communications sectors, Bridewell found concern is particularly high in the utilities sector – including energy and gas. There some four in ten, 41pc of respondents were predicting a surge in cyber crime as a result of financial hardship. The findings come as Russia’s war in Ukraine has squeezed oil and gas flows to the Continent and the UK, causing a spike in fuel and food prices. A fifth (21pc) of CNI decision makers now rank employee sabotage among the biggest risks to their organisation’s IT. The firm points to how the mean number of security incidents relating to employee sabotage has already increased by 62pc within CNI over the last 12 months – from 13 instances per organisation to an average of 21.
A third (33pc) of decision makers also believe that the prevalence of phishing and social engineering attacks will grow due to the economic downturn, suggesting that threat actors could prey on employees’ vulnerabilities and financial fears to gain illicit access to CNI data and systems.
The findings reflect a longer-term rise in cyber security risk from insiders (malicious and negligent) over the past three years, with two-thirds (66pc) of CNI decision makers reporting an increase in insider threats since 2020. However, after increased security spend last year, most, 65pc of CNI organisations are now seeing a reduction in their security budgets due to the economic downturn, potentially opening the sector to more insider risks.
Anthony Young, co-CEO at Bridewell, said: “The threat of insider sabotage has always been high across CNI, but current economic pressures are making it easier for criminals to exploit the vulnerabilities of both employees and organisations. Reducing security budgets will exacerbate the issue. Decision makers need to invest in strengthening their cyber defences from the inside out. This should encompass the robust monitoring and testing of systems and access controls, investment in data loss prevention, and the continuous education and training of employees to raise awareness of cyber security best practices.”
Picture by Mark Rowe: Forth Rail Bridge, North Queensferry, summer dawn.