In the UK, Critical National Infrastructure (CNI) is defined by the National Cyber Security Centre (NCSC) as ‘Those critical elements of Infrastructure (facilities, systems, sites, property, information, people, networks and processes), the loss or compromise of which would result in a major detrimental impact on the availability, delivery or integrity of essential services, leading to severe economic or social consequences or to loss of life.’ This encompasses thirteen sectors: chemicals, civil nuclear, communications, defence, emergency services, energy, finance, food, government, health, space, transport, and water.
Ransomware is difficult to protect against as the criminals themselves are security experts who carefully review and target their victims. Attackers are becoming increasingly skilled at exploiting vulnerable services and unpatched software, with almost three-quarters of Ransomware attacks managing to successfully encrypt private company data. According to a 2020 survey by Sophos, 51% of organisations were hit by Ransomware in the last year. The criminals succeeded in encrypting the data in 73% of these attacks.