
64% of IT decision makers fear nation-state attacks as remediation times for critical breaches stretch past a year
Abingdon, U.K., 1 April - SOC-as-a-service provider, e2e-assure, today unveiled new research highlighting that 80%[1] of critical national infrastructure (CNI) organisations are facing OT (operational technology) downtime costs of up to £5 million following cyberattacks, underlining the scale of financial exposure now tied to operational disruption.
Almost a quarter (23%[2]) of the most severe OT downtime incidents now cost businesses over £1 million, with 6% exceeding £5 million. Among manufacturing and critical national infrastructure (CNI) organisations that experience downtime, around 80% report losses between £100,000 and £5 million.
Nation-state fears reshape cybersecurity priorities
These financial losses are not limited to rare, worst-case scenarios but are becoming a common outcome of incidents affecting essential services and industrial operations. As cyber attacks on typical IT environments are now commonplace, the threat to OT systems is increasing, particularly as geopolitical tensions rise, with 64%[3] of IT decision-makers now fearing nation-state attacks.
“This fear reflects a shift in how cyber threats are being used, not just for data theft and monetary gain, but to disrupt operations and apply strategic pressure against critical services such as energy, transport and manufacturing,” said Rob Demain, CEO at e2e-assure. “For OT environments, the impact of this threat is more immediate and tangible than in IT. Industrial systems underpin physical processes, meaning a successful breach can interrupt operations, halt production or affect safety.”
Nation-state actors often exploit common entry points such as phishing or compromised credentials before moving into OT systems, increasing the risk of prolonged disruption if organisations are unable to detect and remediate activity quickly.
Remediation gaps leave OT systems exposed
These concerns are supported by the findings, which show the average time from compromise to detection is 52 days. This gives attackers considerable time to move through networks and access critical systems before being identified.
This protracted recovery points to a growing “remediation gap” in industrial cybersecurity. While 31%[4] of organisations can now detect breaches within 12 hours, fully resolving incidents remains a significant challenge, with one in ten large enterprises taking over a year to remediate major incidents.
“Our research shows that organisations are making progress in how quickly they can detect incidents, but that progress is not yet carrying through to remediation and this gap between detection and resolution is leaving OT environments exposed for extended periods,” Demain added. “In OT environments, where cyber physical systems directly support operations and essential services, delays in resolving incidents can have lasting operational and financial consequences.”
The research also highlights a disconnect between perceived and actual risk, with nearly half (45%[5]) of decision-makers saying they are least concerned about insider threats, while 44%[6] place less importance on visibility into OT network activity. These areas are often where incidents persist undetected, particularly when remediation takes months or longer.
Common entry points continue to fuel major breaches
Worryingly, cyber incidents are also becoming more frequent, with many organisations experiencing four or more attacks each year. The most common repeat attack types include phishing (17%), malware and ransomware (16%), insider threats (15%), and credential theft or account compromise (15%). These figures indicate that attackers continue to rely on established methods, particularly email and compromised access, rather than more complex techniques.
Supply chain compromise is also a key factor for mid-sized organisations, with 21% reporting four or more incidents linked to suppliers or third parties. CNI organisations report similarly high levels of repeated supply chain compromise and credential theft, both at 21%, showing how trusted access points are frequently being used to gain entry.
Beyond this, organisations are increasingly concerned about longer-term impacts, such as reputational damage (25%) and brand or revenue loss (20%), which are now seen as greater risks than immediate financial impact. Workforce challenges are also becoming more prominent, with 37% of smaller organisations with between 1,500 and 2,499 employees citing employee loss (staff turnover) after major incidents as a key concern.
Positively, around 32% of organisations are using detection platforms originally built for IT and adapted for OT, showing that many are extending existing tools to cover industrial environments. However, only 28% report using custom-developed OT-specific detection capabilities. “While adaptation is a positive step, the relatively lower adoption of tailored detection suggests more organisations could benefit from approaches designed specifically for the characteristics of OT systems,” added Demain.
About e2e-assure
e2e-assure has provided expert SOCaaS solutions powered by our SaaS SOC platform, CUMULO, to government and CNI organisations for over a decade. Our 24/7/365 UK-based Security Operations Centre, staffed exclusively by NPPV3 and security cleared cyber professionals, is dedicated to rapid, expert response for nation-critical organisations.
Unlike providers locked into specific technologies, our fully owned SaaS SOC platform, CUMULO, integrates with your existing security stack to optimise the value of your existing investments. With UK data sovereignty guaranteed and an unwavering focus on SOC excellence, we help you build resilience, reduce risk, and stay ahead of threat actors with confidence.
Methodology
The research was conducted by Censuswide, among a sample of 250 cybersecurity decision-makers in businesses with 250-10,000 employees across the following industries: Food manufacturing, Discrete manufacturing, Critical National Infrastructure, Automotive manufacturing, Aerospace, Energy & Renewables, Utilities, Transport and Logistics, Retail (e-commerce, supermarkets, department stores, electronics, health & beauty etc), Pharmaceutical Manufacturing, Medical manufacturing, Electronic manufacturing, Chemical manufacturing, Metal Manufacturing, Telecoms, Central government, Local government, Defence, and Life Sciences. The data was collected between 05.01.2026 - 09.01.2026. Censuswide abides by and employs members of the Market Research Society and follows the MRS code of conduct and ESOMAR principles. Censuswide is also a member of the British Polling Council.
Contact:
Origin Communications:
Email: [email protected]
Phone: 07729102956


