Advancing UK Aerospace, Defence, Security & Space Solutions Worldwide
  • Home
  • /
  • Aerospace
  • /
  • Bridewell research reveals UK CNI ransomware risks

Aerospace Security

Bridewell research reveals UK CNI ransomware risks

Three-in-ten UK-based critical national infrastructure (CNI) organisations (30%) that have fallen victim to a ransomware attack have risked legal repercussions by paying a ransom.

Above: Click here to download Bridewell research paper, Cyber Security in Critical National Infrastructure Organisations: 2024.
Courtesy Bridewell

 
The findings are in new research by leading cyber security services firm Bridewell, surveying 521 staff responsible for cyber security at UK CNI organisations in sectors such as civil aviation, telecommunications, energy, transport, media, financial services and water supply.

Advertisement
ODU RT

 
Sixty per cent of organisations surveyed have experienced at least one ransomware attack over the previous 12 months. More than a third (35%) suffered up to five ransomware attacks, but a small percentage of organisations (2%) experienced more than a hundred attacks.
 
In certain situations, for example, when an organisation has no ability to recover from a successful attack, there may be no choice other than to pay the ransom. However, payment can risk infringing UK and US laws that prohibit dealings with sanctioned individuals or entities. In the UK, for example, payments could be in breach of the Sanctions and Anti-money Laundering Act 2018. Ransom payments could also incur financial penalties from the Office of Financial Sanctions Implementation. At present, prosecutions are uncommon, however the UK and US governments have floated the idea of implementing a payment ban.
 
The research findings expose the multiple consequences of a ransomware attack on UK CNI. More than a quarter of respondents, for example, cited a psychological impact on employees (27%).Disruption, (42%), downtime (40%) and data-loss (39%) are all repercussions that respondents say their organisations have suffered, along with reputational damage (35%).  
 
Yet almost a third of organisations (32%) are also facing increased insurance premiums and 34% have also incurred financial losses from legal fees or fines. The average cost of a ransomware attack on UK CNI organisations is now £295,230, the research reveals.
Advertisement
ODU RT 2

 
Impacts are exacerbated by the length of time it takes organisations to respond to ransomware attacks, with the average now being 11.4 hours. Without a proactive strategy to address this significant challenge of response-delays, more organisations risk paying a ransom.
 
Almost nine-in-ten (87%) UK respondents in the research agree that attacks are more sophisticated, with ransomware-as-a-service (RaaS) deployed with greater knowledge and cunning. Threats are on the rise through increasing professionalisation in the ransomware world and the entry of organised crime groups from other areas of criminality.
 
“If you fall victim to a ransomware attack, paying the ransom should always be your last resort. Aside from the risk that cyber criminals may not restore access upon payment, there are also potential legal consequences to consider,” said Anthony Young, CEO at Bridewell.
 
“That being said, there are certain situations where organisations have no choice other than to pay. If the organisation has no ability to recover, then paying the ransom may represent the only viable option to resume operations other than rebuilding their systems from scratch. However, this difficult choice is avoidable by having a security strategy to reduce the risk of threat actors gaining access and transversing through your systems without discovery and effective removal. Building a relationship with a trusted security partner who understands your environment and the complex challenges faced by critical infrastructure can help you mitigate this risk by having the right expertise, resources, and support if the worst was to happen.”

CNI cyber firm Bridewell is a UK cyber security partner for organisations operating within CNI, as well as companies in other highly regulated sectors who require the highest standards of cyber security.

Advertisement
General Atomics LB General Atomics LB
IBS Software transforms Fuji Dream Airlines

Aerospace

IBS Software transforms Fuji Dream Airlines' operations

11 September 2024

Japanese regional carrier Fuji Dream Airlines and IBS Software, have collaborated to transform and seamlessly migrate airline operations to a cloud-native platform.

Change at the top for Thales in the UK

Aerospace Defence

Change at the top for Thales in the UK

10 September 2024

As Alex Cresswell has expressed his wish to step back from his executive role as Chairman and CEO of Thales in the UK, Phil Siveter has been appointed CEO of Thales in the UK, effective 1st November 2024.

New strategy sets 2028 deadline for AM advances

Aerospace

New strategy sets 2028 deadline for AM advances

9 September 2024

A new additive manufacturing (AM) strategy and roadmap sets out the actions needed by 2028 for UK aerospace to capitalise on the AM market which is expected to reach £10 billion by 2033.

Britten-Norman introduces Unleaded Fuel Modification for piston engine Islanders

Aerospace

Britten-Norman introduces Unleaded Fuel Modification for piston engine Islanders

9 September 2024

Britten-Norman is taking the next step on its journey towards sustainable aviation with the introduction of the Unleaded Fuel Modification for its BN2B-26 piston engine (Lycoming O-540-E4C5) Islander aircraft.

Advertisement
Marshall RT 2
Speedlink

Aerospace

Speedlink's FREDDs service featured in ITV's ‘Dogs with Jobs’

9 September 2024

Speedlink International Logistics is showcasing its specialist Free Running Explosive Detection Dogs (FREDDs) service as part of the upcoming ITV series, ‘Dogs with Jobs’, offering a behind-the-scenes look at the remarkable air cargo screening process that is being utilised by companies across the island of Ireland.

Aurrigo introduces autonomous vehicles to Inverness Airport

Aerospace

Aurrigo introduces autonomous vehicles to Inverness Airport

9 September 2024

Passengers at Inverness Airport have been given the opportunity to ride in Aurrigo’s autonomous Auto-Pod from the new rail station to the airport terminal.

Advertisement
ODU RT 2