• United States



UK Editor

Cost-of-living crisis could trigger spike in cyberattacks on critical infrastructure

Apr 18, 20233 mins
Critical InfrastructureCyberattacksRisk Management

Report warns of the CNI security impacts of economic hardship including insider threats, social engineering attacks, and reduced cyber budgets.

1887170134 attack surface programming abstract
Credit: whiteMocca / Shutterstock

The cost-of-living crisis could trigger a rise in cyberattacks and security risks impacting UK critical national infrastructure (CNI). That’s according to new research by UK cybersecurity services firm Bridewell, which surveyed 500 UK cybersecurity decision makers in the transport and aviation, utilities, finance, government, and communications sectors. The Cyber Security in Critical National Infrastructure Organisations: 2023 report found that over a third (34%) of organisations across UK CNI anticipate a rise in cybercrime as a direct result of the current economic crisis.

The findings come as the ongoing Russia-Ukraine war squeezes oil and gas flows to the UK, causing a spike in prices for fuel and food.

Economic downturn may increase insider threats, social engineering attacks

The rising cost of living is putting employees and organisations under increased financial strain. As focus turns to financial stability, security issues could be sliding down the priority list, creating opportunities for insider threats to go unnoticed, the report read.

The rising cost of living could lead to an increase in insider threats and employee crime, as workers increasingly steal from their employers to make ends meet, the report said. Over a fifth (21%) of CNI decision makers surveyed now rank employee sabotage among the biggest risks to their organisation’s IT environment.

Meanwhile, organised criminal groups could be primed to exploit people’s vulnerabilities by reaching out to individual employees within an organisation, offering them a lucrative payoff in return for access to sensitive data or protected systems. A third (33%) of respondents expect the prevalence of phishing and social engineering attacks to grow because of economic downturns, suggesting that threat actors could prey on employees’ financial fears to gain illicit access to CNI data and systems.

Reduced cybersecurity budgets add to CNI security risks

Aside from evolving security threats, the economic pressures facing CNI are causing some UK organisations to re-evaluate their cyber spend. Almost two-thirds (65%) of respondents across UK CNI have seen some reduction or a significant reduction in their organisation’s cybersecurity budget this year, in sharp contrast to 2022, when cybersecurity budgets rose across all sectors, the report stated.

The communications sector has been impacted the least by cybersecurity budget cuts, with almost half (48%) seeing no change in cybersecurity budgets. However, the transport and aviation and utilities sectors (including energy, oil, and gas) have experienced the greatest fall in cyber budgets, with 73% and 69% of respective respondents seeing some reduction or a significant reduction, the research found.

CNI must strengthen cyber defences from the inside out

Amid increased security risks and decreasing security budgets, IT, and security leaders in the CNI sector must invest in strengthening their cyber defences from the inside out, said Anthony Young, Co-CEO at Bridewell. This should encompass the robust monitoring and testing of systems and access controls, investment in data loss prevention, and the continuous education and training of employees to raise awareness of cyber security best practices.”

Last September, the UK’s National Cyber Security Centre (NCSC) released a new version of the Cyber Assessment Framework (CAF) to support CNI organisations that are subject to the Network and Information Systems (NIS) regulations and organisations managing cyber-related risks to public safety. The release came in the wake of research which revealed that the UK CNI sector is struggling to address software supply chain risks and cyber skills shortages.

UK Editor

Michael Hill is the UK editor of CSO Online. He has spent the past 8 years covering various aspects of the cybersecurity industry, with particular interest in the ever-evolving role of the human-related elements of information security. A keen storyteller with a passion for the publishing process, he enjoys working creatively to produce media that has the biggest possible impact on the audience.

More from this author