Addressing OT downtime: financial impact and state of cybersecurity

New research highlights the financial impact of OT downtime in UK critical infrastructure, alongside ongoing challenges in incident remediation.

Research from e2e-assure examines the impact of operational technology (OT) downtime on the UK’s critical national infrastructure (CNI), including associated financial costs following cyberattacks. It reports that 80% of organisations experience costs of up to £5 million as a result of such incidents, reflecting the level of exposure linked to operational disruption.

According to the findings, nearly a quarter of severe OT downtime incidents cost more than £1 million, with 6% exceeding £5 million. Around 80% of manufacturing and CNI organisations that experience downtime report losses between £100,000 and £5 million.

The research also notes that incidents affecting essential services and industrial operations are occurring more frequently, alongside rising geopolitical concerns. A total of 64% of IT decision-makers report concern about potential nation-state attacks, which are described as having both financial and operational impacts.

In terms of response, organisations report an average detection time of 52 days following a compromise. While some organisations are able to detect breaches within 12 hours, resolving incidents can take significantly longer, with some large enterprises requiring more than a year to fully remediate major incidents.

The findings highlight differences between perceived and actual risk. Many decision-makers report lower concern around insider threats and reduced emphasis on visibility into OT network activity, despite these being areas where incidents can persist undetected. Common attack methods include phishing, malware and ransomware, insider threats, and credential compromise.

Supply chain-related risks are also identified, with 21% of CNI organisations reporting multiple incidents linked to suppliers or third parties, indicating the role of trusted access points in security breaches.

Beyond direct financial impact, organisations report concerns related to reputational damage and revenue loss, as well as workforce effects. Among smaller organisations, 37% report employee loss following major incidents.

The research indicates that 32% of organisations are adapting IT-based detection platforms for use in OT environments, while 28% report using detection capabilities specifically developed for OT systems.

Northumbria Healthcare has partnered with Schneider Electric to modernise its infrastructure,...
Qlik widens its alliances, enhancing partner capabilities to streamline access to its data...
Cognizant has introduced Neuro AI Trust, a platform designed to support AI governance by providing...
Vertiv opens a new manufacturing hub in Johor to help meet the rising demand for AI and...
Kyndryl's latest report reveals a decline in workforce readiness for AI and highlights the...
MedOne strengthens leadership as it embarks on infrastructure expansion and AI-focused initiatives.
Verkada partners with NVIDIA to advance AI in physical security and operations, enhancing safety...
As UK firms increase AI utilisation, managing and understanding costs is becoming an important...