Since the 2010’s, significant malicious attacks disrupting critical infrastructure have become commonplace. In this timeframe, attacks disrupting government agencies and ministries, energy and water firms, healthcare providers, aviation, and telecommunications sectors have mushroomed. We’ve also seen tit-for-tat cyber-attacks on vital infrastructure become common place amidst international conflicts.
The nature, speed and scale of recent incidents have served as a sobering reminder of how even secure systems can be brought down; how rapidly services we depend upon for vital everyday services – critical infrastructure – can fail. And how costly it can be to recover them quickly.
The risk of disruption is influenced by multiple factors:
- The capability, pace and impact of today’s cyber-threats
- The drive for greater connectivity
- The technology burden
- The complexity of regulation
- The cost of resilience
- The lack of business continuity and disaster recovery
Given the threat landscape, it’s clear that investing in cyber resilience is critical at both a national and commercial level – underpinning national security, social and economic wellbeing, and long-term prosperity.
But how can we ensure this investment leads to positive outcomes? What directive and supportive measures are required to create the right environment for cyber resilience?
In this paper, we take a closer look at the threat facing critical infrastructure internationally, the role of the state in creating a security-focused operating environment, and the central responsibility of business to drive improvements in cyber resilience.