SecurityBrief UK - Technology news for CISOs & cybersecurity decision-makers
OT downtime costs firms up to GBP £5 million, survey finds

Thu, 2nd Apr 2026

e2e-assure has published research showing that 80% of manufacturing and critical national infrastructure organisations that experience operational technology downtime lose between GBP £100,000 and GBP £5 million. The findings are based on a survey of 250 cybersecurity decision-makers.

Nearly a quarter of the most severe OT downtime incidents cost more than GBP £1 million, and 6% exceed GBP £5 million. The study highlights the broad financial burden of cyber incidents in industrial and essential service environments, where attacks can disrupt both physical operations and digital systems.

Nation-State Concern

The research found that 64% of IT decision-makers fear nation-state attacks amid rising geopolitical tensions. That concern reflects a broader shift in how respondents assess cyber risk in OT settings, where breaches can affect production lines, utilities and transport systems.

"This fear reflects a shift in how cyber threats are being used, not just for data theft and monetary gain, but to disrupt operations and apply strategic pressure against critical services such as energy, transport and manufacturing," said Rob Demain, Chief Executive Officer of e2e-assure.

"For OT environments, the impact of this threat is more immediate and tangible than in IT. Industrial systems underpin physical processes, meaning a successful breach can interrupt operations, halt production or affect safety."

Nation-state actors often enter through familiar routes, such as phishing emails or compromised credentials, before moving into OT systems, making the speed of detection and remediation critical to limiting the impact of an attack.

Detection Gap

The survey found an average dwell time of 52 days from compromise to detection. That gives attackers weeks to move through networks and reach important systems before defenders identify a breach.

Although 31% of organisations said they can detect breaches within 12 hours, remediation appears to lag well behind. One in 10 large enterprises reported taking more than a year to remediate major incidents, indicating a gap between detecting intrusions and fully resolving them.

"Our research shows that organisations are making progress in how quickly they can detect incidents, but that progress is not yet carrying through to remediation, and this gap between detection and resolution is leaving OT environments exposed for extended periods," said Demain.

"In OT environments, where cyber-physical systems directly support operations and essential services, delays in resolving incidents can have lasting operational and financial consequences."

The survey also suggests some organisations may be underestimating certain risks. About 45% of decision-makers said they were least concerned about insider threats, and 44% placed less importance on visibility into OT network activity, even though both can make persistent intrusions harder to spot.

Attack Routes

Many respondents reported repeated cyber incidents, with a sizeable share experiencing four or more attacks a year. The most common attack types were phishing at 17%, malware and ransomware at 16%, insider threats at 15%, and credential theft or account compromise at 15%.

These figures suggest attackers still rely heavily on established entry methods rather than rare or highly specialised techniques. Email compromise and the misuse of valid credentials remain prominent routes into operational environments.

Supply chain exposure also featured strongly in the findings. Among mid-sized organisations, 21% reported four or more incidents linked to suppliers or third parties, while respondents in critical national infrastructure recorded similarly high levels of repeated supply chain compromise and credential theft, both at 21%.

Longer-Term Impact

The research suggests concern is extending beyond immediate incident costs. Respondents increasingly pointed to reputational damage (cited by 25%) and brand or revenue loss (cited by 20%) as greater worries than the direct financial impact of an attack.

Workforce effects are also emerging in the data. Among smaller organisations with 1,500 to 2,499 employees, 37% said employee loss after major incidents was a key concern, suggesting cyber events can create pressure beyond technology and operations.

On defensive tools, around 32% of organisations said they use detection platforms originally built for IT and later adapted for OT. Only 28% reported using custom-developed OT-specific detection tools, indicating that many industrial organisations still rely on repurposed security systems rather than software designed for operational environments.

"While adaptation is a positive step, the relatively lower adoption of tailored detection suggests more organisations could benefit from approaches designed specifically for the characteristics of OT systems," said Demain.