The Rising Risk Landscape for Critical National Infrastructure

The risks facing industrial organisations are growing in both scale and variety while many critical national infrastructure operators are being asked to stretch budgets beyond what feels safe.

Organisations responsible for energy, transport, water and manufacturing are tasked with protecting increasingly complex operations from attackers who are using a much wider range of techniques than even a few years ago.

These organisations often find themselves defending essential systems while justifying every item of spend, causing some to cut back on security because the benefits are not always immediately visible.

But the consequences of those decisions aren’t always immediate; they often surface later, when disruption is deeper and recovery slower. Once an industrial environment is interfered with, bringing it back online isn’t always instantaneous, and safety considerations can escalate well beyond what any budget expected.

And with digital transformation, attackers can and now do move laterally from the information technology side of a business or organisation into planning systems, supplier connections, cloud interfaces and remote access points until they reach the technology that keeps production running.

This is why cyber resilience in critical infrastructure is essential to prevent breakdowns, protect uptime and keep critical services running.

Pressure Points That Attackers Understand

Recent rises in industrial ransomware show how urgently a stronger mindset is needed. According to the Dragos 2026 OT/ICS Cybersecurity Report, ransomware remained the most impactful threat to industrial organisations, with attacks increasing 64 percent year-over-year.

Dragos tracked 119 ransomware groups targeting industrial organisations in 2025, up from 80 the year before, collectively impacting 3,300 organisations. Manufacturing accounted for more than two-thirds of all victims, showing how attackers deliberately focus on sectors where disruption creates immediate pressure and quick leverage.

Most attacks in industrial environments still begin with predictable weaknesses. Exposed remote access tools, forgotten third-party accounts and unpatched systems give attackers simple points of entry. Incidents throughout 2025 showed how quickly these gaps escalate.

For example, in the UK, Jaguar Land Rover saw operational disruption because of a ransomware attack, while further afield Asahi’s operations in Japan were also severely impacted by ransomware.

In each case, what started as a technical breach developed into an operational stoppage, then a supply chain delay and finally lost revenue and a hit to the company’s brand and reputation amongst its customers.

Sectors where downtime causes the greatest impact are feeling this pressure most sharply. Manufacturing still sees the highest number of incidents, but key industries ranging from transport and logistics to telecoms and government face significant threats too.

Attackers are also targeting engineering partners and suppliers, knowing that a single compromise further up the supply chain can open the door to many organisations at once.

At the same time, budget constraints are prompting teams to relax vendor checks or ease remote access rules, widening exposure precisely when it needs to be narrowing. Cutting corners may feel practical in the moment, but in today’s environment it is increasingly detrimental.

A Practical Path to Lowering Risk

There are steps that security leaders can take to ensure their organisation is best prepared for whatever threats may be around the corner.

Most crucially, they need to develop a clear understanding of the systems they depend on, who can reach them and which assets they can never afford to lose. This includes engineering workstations, remote access points and the business systems that keep operations moving at all times.

Strengthening access controls, patching exposed systems and tightening privileges removes many attacker entry routes. Network segmentation can limit how far an intruder can move, while reliable backups, tested properly, ensure recovery is possible even when there is a security breach.

Now is also the time for security leaders to increase their organisation’s readiness outside normal working hours and ensure both IT and OT teams work from clear, well-practiced playbooks that reflect current geopolitical threats.

They also need to act on real‑time threat intelligence, vet the resilience of suppliers and apply the SANS ICS Five Critical Controls consistently across all operations to reinforce their overall security.

Across the globe, boards now recognise that ransomware and other threats to industrial operations can have serious consequences for their organisations. Whether it’s grounded fleets, stalled production lines or major delays in services or operations, they can all bring about serious financial costs and reputational damage.

As a result, it’s crucial that leaders, both in security teams and all the way up to board level, understand the fundamentals of OT security. Being aware of which assets or suppliers might be most at risk and having incident response plans set in stone can be critical in getting operations up and running again quickly should they become a target.

Industrial organisations operating critical national infrastructure are facing a period unlike any we have previously seen. Existing cyber threats are evolving and new ones continue to emerge in differing forms, all at the same time as budgets continue to tighten.

However, the most effective defences remain the steady, uncomplicated practices that strengthen visibility, control and recovery. This will be the key to maintaining resilience amid a rising risk landscape in the years ahead.
