Data breaches plague critical national infrastructure organisations 

95% of UK Critical National Infrastructure (CNI) organisations have experienced a data breach in the past year, according to the 2025 Cyber Security in Critical National Infrastructure report from specialist Bridewell.

Of these, 54% reported financial losses exceeding £100,000 per breach, with cyber security upgrades, systems recovery and increased operational costs contributing to the bulk of the expenses. Ransomware, phishing and unauthorised access were the top three most frequent types of attack. One-third of organisations targeted by ransomware admitted to paying the ransom.

Other key findings included:

• Response times and detection priorities – Only 22% of organisations were able to respond to a ransomware attack within an hour, while 69% managed to respond within six hours. 

• Cloud services are a prime target and data protection concerns loom – Cloud services have become the most targeted attack vector across IT and OT environments, with web browsing and internet access cited as the second main avenue for attack. Data protection remains a significant concern, with 90% of organisations expressing worries about meeting compliance requirements.

• AI-driven cyber threats are on the rise, as is AI adoption itself – Artificial intelligence is reshaping the cyber threat landscape, with AI-driven phishing emerging as the top AI-powered attack vector (83% cited it as a top concern). Automated hacking and AI-powered botnets follow closely behind. Bridewell said a “remarkable” 95% of UK CNI organisations are integrating AI-driven tools into their operations.

• Cyber security strategies and maturity concerns – Despite 90% of respondents believing they have a mature IT cyber security strategy, only a quarter follow best practices for cyber risk assessments. 

• Addressing the cyber security talent gap – To address the cyber security skills shortage, CNI organisations are focusing on re-skilling current employees, outsourcing to external partners and developing apprenticeship programmes over the next two to three years.

• Supply chain vulnerabilities persist – Only 42% of UK CNI organisations were “very confident” in their ability to handle supply chain cyber threats. 57% of respondents had experienced a supply chain attack in the past year, with the top three routes from firmware attacks, data interception and tampering and third-party service provider breaches.