Most CNI Firms Face Up to £5m in Downtime From OT Attacks

The e2e‑assure poll highlights a stark reality: operational technology (OT) failures are no longer a niche concern for UK critical national infrastructure, they are a mainstream financial threat. With potential losses up to $6.6 million per incident, the cost curve dwarfs typical IT breach expenses and directly threatens the continuity of energy, transport, manufacturing, and utilities. Executives must therefore treat OT risk as a core component of enterprise risk management, integrating it into budgeting, insurance, and board‑level discussions.

Compounding the financial stakes is a geopolitical shift toward state‑sponsored disruption. Recent Iranian cyber activity, amplified by regional tensions, demonstrates that even less‑resourced actors can leverage simple tactics—such as password spraying and MFA‑bombing—to infiltrate supply‑chain partners and pivot from IT to OT environments. The survey’s finding that 64% of leaders fear nation‑state attacks reflects a broader industry consensus that cyber‑warfare now targets physical processes, not just data. Yet detection remains sluggish; only about a third of firms identify breaches within half a day, leaving ample time for attackers to cause real‑world damage.

Mitigation strategies must evolve beyond traditional perimeter defenses. Enhancing visibility into OT networks, deploying continuous monitoring, and enforcing strict credential hygiene are essential first steps. Organizations should also prioritize supply‑chain resilience, given that 21% of mid‑size firms reported multiple third‑party incidents last year. Finally, the broader business impact—reputational harm, revenue loss, and even staff turnover—means that senior leadership must champion a culture of proactive OT security, allocating resources for advanced threat hunting, incident response drills, and cross‑sector information sharing.