Over a third (34%) of organisations across UK critical national infrastructure (CNI) anticipate a rise in cyber crime as a direct result of the current economic crisis, according to new research by leading cyber security services firm Bridewell.
The ‘Cyber Security in CNI: 2023’ research report, which surveyed 500 cyber security decision makers in the UK, in the transport and aviation, utilities, finance, government, and communications sectors, found concern is particularly high in the utilities sector – including energy and gas – with 41% of respondents predicting a surge in cyber crime as a result of financial hardship. The findings come as the ongoing Russia-Ukraine war squeezes oil and gas flows to the UK, causing a spike in prices for fuel and food.
With the rising cost of living putting employees under increased financial strain, over a fifth (21%) of CNI decision makers now rank employee sabotage among the biggest risks to their organisation’s IT environment. The mean number of security incidents relating to employee sabotage has already increased by 62% within CNI over the last 12 months – from 13 instances per organisation to an average of 21.
Phishing and social engineering attacks
A third (33%) of decision makers also believe that the prevalence of phishing and social engineering attacks will grow due to the economic downturn, suggesting that threat actors could prey on employees’ vulnerabilities and financial fears to gain illicit access to CNI data and systems.
The findings reflect a longer-term rise in cyber security risk from insiders (both malicious and negligent) over the past three years, with two-thirds (66%) of CNI decision makers reporting an increase in insider threats since 2020. However, after a period of increased security spend last year, 65% of CNI organisations are now seeing a reduction in their security budgets due to the economic downturn, potentially opening the sector to more insider risks.
Anthony Young, Co-CEO at Bridewell, commented: “The threat of insider sabotage has always been high across CNI, but current economic pressures are making it easier for criminals to exploit the vulnerabilities of both employees and organisations. Reducing security budgets will exacerbate the issue. Decision makers need to invest in strengthening their cyber defences from the inside out. This should encompass the robust monitoring and testing of systems and access controls, investment in data loss prevention, and the continuous education and training of employees to raise awareness of cyber security best practices.”
Subscribe to the FINN weekly newsletter