NIS Regulation

How Cyber Mature Are the UK’s Critical National Infrastructure Organisations?

Published 6 October 2022

Cyber Security in Critical National Infrastructure Organisations: 2022 -  Part 2: Cyber Security Transformation and Security

2022 has been a momentous year for UK Critical National Infrastructure (CNI) organisations in almost every respect – and this is especially true of their cyber security. Alongside continuing trends, such as the growing momentum behind digital transformation initiatives, there have been new, disruptive trends that have driven significant changes in the cyber threat landscape. In 2022, UK CNI organisations have also invested significantly more on enabling cyber security transformation. 

To better understand how all these changes have impacted the cyber maturity of UK CNI organisations, Bridewell commissioned research among 521 UK cyber security decision-makers in the following industries: utilities, finance, transport and aviation, government and communications.  

These findings can be found in our latest research-report (the second in a two-part series)

CNI Research Report Part 2

Download the Report Today

Top Findings from the Research

Our research found that while CNI organisations are confident in their cyber security, there are still opportunities for them to increase their cyber maturity, and that doing so will help them increase cyber resilience, build new capabilities, and maximise ROI from their cyber security budgets.  

To illustrate this, here are just some of the top findings from our research: 

  • Confidence in Cyber Security Remains High: 89% of CNI organisations describe their cyber security strategy as secure.
  • Opportunities to Strengthen Resilience Remain: 62% say their current cyber security architecture is not fit for purpose.
  • Operators Need to Improve Maturity With the Greatest Pressure Coming From: 62% say it takes too long to detect and respond to threats.
  • Cyber Security Budgets Are Rising: 81% expect cyber security budgets to increase next year.

The report also covers other key topics, including: 

  • Confidence in Cyber Security 
  • Cyber Security Strategies and Investment 
  • Detecting and Responding to Threats 
  • Tools and Technology 
  • Threat Intelligence 
  • Regulation and Challenges 

What's Next for UK CNI?

Here’s what Scott Nicholson, Bridewell’s Co-CEO, had to say:

“Operators of critical national infrastructure (CNI) are under unprecedented pressure to strengthen resilience and improve cyber maturity. The events of the past few years have forced operators to accelerate digital transformation efforts, with many investing more in new technologies over the past two years than they have in the past ten. 

It’s an exciting period of change for the industry, with a noticeable trend towards integrating new technologies into operations to streamline services and enhance the customer experience. But the race to digitally transform does not need to come at the expense of cyber security. 

Operators of critical infrastructure are recognising the need to combine traditional preventative tools with more holistic and intelligent approaches to cyber security, such as using threat intelligence for risk-based decision-making. Such approaches enable a better understanding of attacks, as well as the development of better preventative strategies to protect infrastructure and society. 

But cyber security transformation isn’t always easy. To successfully drive cyber security improvements, operators face the challenge of maintaining system uptime whilst undergoing operationally and technically complex upgrades.  

This report – the second in our series – outlines how organisations are faring, as well as the opportunities and risks in cyber security. Importantly, it provides guidance to cyber leaders on how organisations can implement a robust cyber security transformation process and reap the benefits of a stronger, structured system for managing, isolating, and reducing threats.”

For more insight into cyber maturity in UK Critical National Infrastructure,  download the full report