Britain’s critical infrastructure is under cyber siege — and the threat is growing

5 June 2025, 09:40

By Jesper Olsen

The UK's Critical National Infrastructure (CNI), which encompasses essential services such as electricity, gas, water, transport and healthcare, is under constant threat from cyberattacks and many of these organisations are struggling to protect themselves.

The potential consequences of a successful cyberattack on CNI are severe, including widespread disruption of essential services and potential risks to public safety.

Alarmingly, these threats are pervasive: over three-quarters (76%) of UK industrial organisations, including those responsible for parts of UK infrastructure, have experienced cyberattacks. More than 27% of these organisations have suffered operational shutdowns as a direct result.

In fact, the UK is the most targeted country in Europe when it comes to cyberattacks, showing the scale of the challenge.

The majority of threat actors targeting critical infrastructure in developed nations are state-sponsored. For example, in May 2023 critical infrastructure in Denmark was impacted by one of the biggest cyberattacks in the country’s history.

The incident involved 22 energy companies being breached in just a few days after experiencing a coordinated attack, which enabled attackers to gain access to some of the companies’ industrial control systems.

To deal with the attack, several of the affected companies had to go into island mode operation, cutting themselves off from the main energy grid. The Russian state is widely believed to have been involved in the attack.

Digital transformation is causing cyber risk

A significant factor contributing to the increased vulnerability of CNI is the ongoing digital transformation taking place within the sector. Interconnected devices on-site - known as the Industrial Internet of Things (IIoT) - are helping organisations leverage real-time data to improve efficiency, increase automation and cut costs.

However, a key risk of this is that the devices can offer potential entry points for hackers to gain unauthorised access to a site’s IT systems.

Once inside, hackers can use botnets - networks of interconnected devices like computers, servers, and mobile devices infected with malware and controlled remotely by a hacker - to launch targeted attacks on critical infrastructure, such as energy grids, power plants, water and waste management systems, food processing plants and transportation networks.

Attackers typically infiltrate systems using both generic malware and malware designed specifically to target and attack critical infrastructure.

These infiltrations often result in attacks that can paralyse or, in some cases, entirely halt industrial operations.

Sensors and connected IIoT devices are also high-value targets for hackers looking to collect ransoms or sabotage rival nations by gaining access to confidential data.

Rising threat from deepfakes

The rapid advancement and increasing accessibility of deepfake technology represent another major cybersecurity threat to the UK’s CNI.

Deepfakes are no longer the domain of only sophisticated threat actors; even less-skilled attackers can now use them for malicious purposes.

The potential for deepfakes to cause damage is significant, particularly in the context of CNI. By 2026, it is estimated that 30% of enterprises may find their identity verification solutions unreliable due to the proliferation of AI-generated deepfakes.

Success rates of social engineering - whereby a hacker manipulates or deceives a victim to gain control over a computer system - will also undoubtedly rise. This could spell disaster for CNI organisations, leading to disruption of essential services, compromised data, and potentially even irreparable damage to infrastructure.

The UK must bolster its defences

Attackers no longer give up when they encounter resistance. To protect their networks, critical infrastructure operators need to practise using their cybersecurity guidelines and procedures more than once to ensure they’re fully prepared for any threats they face.

Attackers are active around the clock, which means that CNI organisations need a 24/7 security operations centre. As cyberattacks continue to grow in sophistication, a cutting-edge threat hunting capability is also non-negotiable. Attackers can sometimes slip through the cracks and avoid setting off detections, so the ability to find these ‘ghosts’ in the system is key.

The impact of an attack on critical infrastructure isn’t just about the negative impact on organisations and systems if a power system fails. It’s also about the well-being of citizens if they become cut off from an essential service. As such, reducing the vulnerabilities of critical infrastructure and improving cyber resilience should be a priority for any nation.

The only way for critical infrastructure operators to fight this never-ending battle for cyber resilience is to innovate.

As referenced in the Government’s recent Strategic Defence Review, this means looking at new ways to protect their systems from compromise and regularly assessing their cybersecurity risk profile in accordance with national and international regulations.

_______________________

Jesper Olsen is the Chief Security Officer for EMEA North, Palo Alto Networks

LBC Opinion provides a platform for diverse opinions on current affairs and matters of public interest.
