- 엣지 컴퓨팅 2028년까지 연평균 13.8% 성장···· 리테일 및 서비스 부문이 최대 비중
- SAP CEO Christian Klein predicts manual data entry will disappear from SAP by 2027
- The CTO vs. CMO AI power struggle - who should really be in charge?
- I found an Android phone that can convince iPhone users to make the switch - and it's not a flagship
- Finally, Bluetooth trackers for Android users that function better than AirTags (and they're on sale)
CNI Security Leaders Express Cyber Confidence Despite 95% Breach Rate
The leadership team at UK-based cyber consultancy Bridewell has raised concerns about overconfidence among leaders responsible for critical infrastructure security following a recent survey.
Bridewell’s 2025 Research Report, its fifth annual survey on the state of cybersecurity threats and maturity in the UK’s critical national infrastructure (CNI) sectors, was released on March 20 during the company’s CNI Summit in London.
The survey shows a high level of confidence within UK CNI security leaders regarding the cyber maturity of their organizations.
Nine in ten respondents (90%) reported that their IT security strategy was mature, and 44% described it as “very mature.”
This optimism comes despite the Bridewell survey finding that 95% of UK CNI organizations experienced a data breach in the past year.
Over half (54%) reported financial losses exceeded £100,000 ($130,000) per breach, with cyber security upgrades, systems recovery and increased operational costs contributing to the bulk of the expenses.
UK CNI Security Leaders Show “Optimism Bias”
Speaking at a briefing on March 19, Anthony Young, CEO of Bridewell, acknowledged that there is a significant gap between CNI entities and other organizations in the UK in terms of cyber preparedness and resilience.
He noted that UK CNI generally had more substantive cyber budgets than other companies and had better representation of cyber leaders on the board, for instance.
Nevertheless, Young admitted that he was surprised by the level of confidence CNI security leaders had in their strategy.
“Every time I speak with them, they seem to be very pessimistic about their readiness to face cyber threats, so seeing this level of optimism surprised me a little,” he said.
Ben Vaughan, Chief Commercial Officer at Bridewell, added that the level of confidence CNI security leaders had in their operational technology (OT) cyber strategy was of particular interest.
The share of respondents who considered their OT systems to be well prepared against cyber threats was similar, with 88% of respondents stating that their OT security strategy was mature and 34% believing it was “very mature.”
“Today, most of these organizations are in a position to have good visibility over the IT systems, with endpoint security solutions, whereas OT environments are still very much in the dark,” he said.
According to Martin Riley, CTO of Bridewell, said “optimism bias” is at odds with reality, as one-third of the same respondents admitted to paying the ransom when their organization was targeted by ransomware.
Additionally, the fact that only a quarter of respondents admit to following best practices for cyber risk assessments raises questions about the basis for their confidence.
Read more: UK Recognizes Data Centers as Critical National Infrastructure
CNI Organizations Must Prioritize Rapid Response
Other key findings in the survey include:
- Slow response times: Only 22% of organizations can respond to a ransomware attack within an hour, while 69% take up to six hours
- Cloud services under attack: 69% of organizations cite cloud services as the most targeted attack vector, with 90% worried about meeting compliance requirements
- Rise of AI-driven threats: 83% of respondents cite AI-driven phishing as a top concern, while 95% of organizations are adopting AI-driven tools
- Looming supply chain threats: Only 42% of organizations are “very confident” in their ability to handle supply chain cyber threats, with 57% experiencing a supply chain attack in the past year
- Talent gap: UK CNI organizations are focusing on reskilling (with a goal of developing skills in the next 2-3 years) and outsourcing to address the cyber security skills shortage
“As cyber threats continue to evolve, UK CNI organizations must prioritize rapid incident detection and response, as well as bolster their cyber security maturity and strengthen resilience against supply chain risks,” said Young.
“With AI taking a bigger role in both attacks and defenses, organizations must remain proactive to safeguard critical infrastructure and national security, especially in a tumultuous geo-political climate.”
The Bridewell survey was conducted by Censuswide among over 600 cybersecurity professionals in UK CNI organizations.
Read now: Cybersecurity Implications of Data Centers as Critical National Infrastructure
