Cyber attacks are hitting critical services hard, and the financial hit can’t even be ignored anymore. Research from e2e-assure found that 80% of critical national infrastructure organisations report operational technology downtime costs of up to £5m after an attack.
These losses come from disruption to physical operations. When systems go offline, production can stop, transport can stop, and energy supply can be affected. That turns a cyber incident into a real world problem with immediate financial damage.
The same research found that 23% of the most severe downtime incidents cost over £1m, and 6% go past £5m. Among firms that experience downtime, about 80% report losses between £100,000 and £5m, based on the e2e-assure data.
This is no longer a rare worst case. The research makes it plain that these costs are becoming a regular outcome for businesses running essential services and industrial operations.
What Is Making These Attacks More Damaging?
Something that’s becoming a problem is the involvement of nation state actors. The research found that 64% of IT decision makers now fear these types of attacks.
Rob Demain explained the change in intent. He said, “This fear reflects a shift in how cyber threats are being used, not just for data theft and monetary gain, but to disrupt operations and apply strategic pressure against critical services such as energy, transport and manufacturing.”
He added, “For OT environments, the impact of this threat is more immediate and tangible than in IT. Industrial systems underpin physical processes, meaning a successful breach can interrupt operations, halt production or affect safety.”
Attackers often start with simple entry points such as phishing emails or stolen login details. From there, they move deeper into systems, which increases the chance of long disruptions once they gain access to operational technology.
Geopolitical tension is also feeding this trend, with attacks used to apply pressure rather than just steal data.
Why Are Companies Struggling To Recover?
Detection is improving, but recovery is taking far longer. The research found that the average time from compromise to detection is 52 days, giving attackers plenty of time inside systems.
Even after detection, fixing the problem can take months or longer. One in ten large enterprises take over a year to fully resolve major incidents, based on the Censuswide research commissioned by e2e-assure.
More from News
- US Petrol Prices Are Over $4 For The First Time Since 2022 – Is It Too Late For Recovery?
- Diverse Startup Boards Are More Likely To Succeed – What’s Driving The Advantage?
- Let’s Talk About The White House App: Informative, Intrusive Or Irrelevant?
- 75% Of Fans Oppose VAR As Experts Analyse The Technology Behind It
- How Much Are UK Households Spending On Subscriptions Each Month?
- Indonesia Is The Next Country To Introduce Social Media Bans For Teens
- WTF At Work? New Research Shows UK Staff Trapped In Tech Frustration
- How Does The EU Data Breach Impact The UK?
Rob Demain said, “Our research shows that organisations are making progress in how quickly they can detect incidents, but that progress is not yet carrying through to remediation and this gap between detection and resolution is leaving OT environments exposed for extended periods.”
He added, “In OT environments, where cyber physical systems directly support operations and essential services, delays in resolving incidents can have lasting operational and financial consequences.”
There are also blind spots. About 45% of decision makers say insider threats are a low concern, and 44% place less importance on visibility into OT network activity. These gaps can allow attacks to continue without being spotted.
How Are Attackers Getting In So Often?
Many attacks use simple and repeated methods. The research found phishing accounts for 17% of repeat attacks, malware and ransomware 16%, insider threats 15%, and credential theft another 15%.
This means attackers are not using highly advanced techniques. Email scams and stolen access details remain effective ways in.
Supply chains are another risk area. Among mid sized organisations, 21% report four or more incidents connected to suppliers or third parties. Critical infrastructure firms report the same level of repeated issues connected to supply chain access and credential theft.
Attacks are also frequent. Many organisations deal with four or more incidents each year, which adds pressure on teams trying to keep systems running.
The longer term effects are also hitting businesses. Around 25% are more concerned about reputational damage, and 20% worry about brand or revenue loss. Staff turnover is another problem, with 37% of smaller organisations saying employees leave after major incidents.
The research, done by Censuswide in January 2026 among 250 cybersecurity decision makers, makes it plain that attacks are now a regular cost of doing business for many organisations running critical systems.
