惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

大猫的无限游戏
大猫的无限游戏
博客园 - 【当耐特】
Cloudbric
Cloudbric
H
Hackread – Cybersecurity News, Data Breaches, AI and More
Attack and Defense Labs
Attack and Defense Labs
爱范儿
爱范儿
The Cloudflare Blog
腾讯CDC
Security Archives - TechRepublic
Security Archives - TechRepublic
TaoSecurity Blog
TaoSecurity Blog
云风的 BLOG
云风的 BLOG
Recent Announcements
Recent Announcements
C
Check Point Blog
Schneier on Security
Schneier on Security
S
Schneier on Security
J
Java Code Geeks
B
Blog RSS Feed
Cisco Talos Blog
Cisco Talos Blog
Vercel News
Vercel News
Stack Overflow Blog
Stack Overflow Blog
博客园_首页
cs.AI updates on arXiv.org
cs.AI updates on arXiv.org
A
About on SuperTechFans
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
Google DeepMind News
Google DeepMind News
阮一峰的网络日志
阮一峰的网络日志
罗磊的独立博客
A
Arctic Wolf
S
Secure Thoughts
P
Palo Alto Networks Blog
The Last Watchdog
The Last Watchdog
SecWiki News
SecWiki News
cs.CV updates on arXiv.org
cs.CV updates on arXiv.org
博客园 - 三生石上(FineUI控件)
D
Darknet – Hacking Tools, Hacker News & Cyber Security
量子位
U
Unit 42
I
InfoQ
D
DataBreaches.Net
P
Privacy International News Feed
T
Troy Hunt's Blog
博客园 - 叶小钗
T
Threatpost
博客园 - Franky
K
Kaspersky official blog
Hugging Face - Blog
Hugging Face - Blog
IT之家
IT之家
www.infosecurity-magazine.com
www.infosecurity-magazine.com
CTFtime.org: upcoming CTF events
CTFtime.org: upcoming CTF events
C
Cisco Blogs

www.infosecurity-magazine.com

Just Three Ransomware Gangs Accounted for 40% of Attacks Last Month Google Chrome Rolls Out Protection Against Infostealers Targeting Session Cookies STX RAT Targets Finance Sector With Advanced Stealth Tactics Bitcoin Depot Reports $3.6m Crypto Theft After System Breach Atomic Stealer MacOS ClickFix Attack Bypasses Apple Security Warnings Middle East Hack-for-Hire Operation Traced to South Asian Cyber Espionage Group Governance Gaps Emerge as AI Agents Drive 76% Increase in NHIs Google Warns of New Threat Group Targeting BPOs and Helpdesks Google API Keys Quietly Gain Access to Gemini on Android Devices Critical Vulnerability in Ninja Forms Exposes WordPress Sites Anthropic Launches Project Glasswing to Use AI to Find and Fix Critical Software Vulnerabilities US Thwarts DNS Hijacking Network Controlled by Russian APT28 Hackers Claude Discovers Apache ActiveMQ Bug Hidden for 13 Years Iran‑Backed Threat Actors Hit US CNI Providers via Internet‑Facing OT Assets Russian APT28 Hackers Hijack Routers to Steal Credentials, UK Security Agency Warns GPU Rowhammer Attack Enables Privilege Escalation and Full System Compromise GrafanaGhost Exploit Bypasses AI Guardrails for Silent Data Exfiltration Over $17bn Lost to Cyber Fraud in the Last Year, Warns FBI Storm-1175 Exploits Flaws in High-Velocity Medusa Attacks Fortinet Releases Emergency Patch After FortiClient EMS Bug Is Exploited New Phishing Platform Used in Credential Theft Campaigns Against C-Suite Execs New 'Storm' Infostealer Remotely Decrypts Stolen Credentials NCSC Issues Security Alert Over Hackers Targeting WhatsApp and Signal Accounts Apple Expands iOS 18 Security Updates Amid DarkSword Threat Researchers Observe Sub-One-Hour Ransomware Attacks GitHub Used as Covert Channel in Multi-Stage Malware Campaign Most CNI Firms Face Up to £5m in Downtime from OT Attacks Google Introduces Android Dev Verification Amid Openness Debate New Venom Stealer MaaS Platform Automates Continuous Data Theft Chinese Hackers Target European Governments in Espionage Campaigns Eight in 10 UK Manufacturers Hit by Cyber Incident in a Year Hackers Hijack Axios npm Package to Spread RATs Maryland Man Charged Over $53m Uranium Finance Crypto Hack Phantom Project Bundles Infostealer, Crypter and RAT For Sale ChatGPT Security Issue Enabled Data Theft via Single Prompt TeamPCP Explores Ways to Exploit Stolen Supply Chain Secrets Employee Data Breaches Surge to Seven-Year High NCSC Urges Immediate Patching of F5 BIG-IP Bug Cybercriminals Exploit Tax Season With New Phishing Tactics Lloyds IT Glitch Exposed Data of Nearly 500,000 Banking Customers DeepLoad Malware Combines ClickFix With AI-Generated Code to Avoid Detection Critical Citrix NetScaler Vulnerability Exploited in the Wild ICO Fines UK Nuisance Call Scammers £100,000 European Commission Confirms Cloud Data Breach New Wave of AiTM Phishing Targets TikTok for Business TeamPCP Targets Telnyx Package in Latest PyPI Software Supply Chain Attack Quantum Computing Threat to Encryption Is Closer Than Expected, Warns Google UK Cracks Down on Chinese Crypto Marketplace for Funding Southeast Asia Scam Hubs Security Researchers Sound the Alarm on Vulnerabilities in AI-Generated Code Attackers Rapidly Weaponize Critical Oracle WebLogic RCE, Honeypot Study Finds EtherRAT Techniques Bypass Security Via Ethereum Smart Contracts AI Becomes the Top Cybersecurity Priority for Defenders as Criminals Exploit It, PwC Warns OpenAI Expands Bug Bounty to Cover AI Abuse and 'Safety' Concerns Iran-Linked Pay2Key Ransomware Group Re-Emerges Invoice Fraud Costs UK Construction Sector Millions, NCA Warns Cloud Phones Linked to Rising Financial Fraud Threat Hackers Exploit Compromised Enterprise Identities at Industrial Scale, Warns SentinelOne US: FCC Bans Foreign-Made Routers Over National Security Concerns TeamPCP Expands Supply Chain Campaign With LiteLLM PyPI Compromise Experts Sound Alarm Over “Prompt Poaching” Browser Extensions Operation Henhouse Nets Over 500 Arrests in UK Fraud Crackdown RSA Conference: UK NCSC Head Urges Industry to Develop Vibe Coding Safeguards Silver Fox Cyber Campaigns Show Shift Toward Dual Espionage Citrix Urges Immediate Patching for Critical NetScaler Vulnerabilities New Npm 'Ghost Campaign' Uses Fake Install Logs to Hide Malware Former Ukrainian Foreign Minister Dmytro Kuleba to Address the New Cyber Frontline at Infosecurity Europe Enterprise Cybersecurity Software Fails 20% of the Time, Warns Absolute Security Russian Initial Access Broker Handed 81-Month Sentence Handala Group Tied to Iranian Hack‑and‑Leak Operations, FBI Reveals Most Cybersecurity Staff Don’t Know How Fast They Could Stop a Cyber-Attack on AI Systems Tycoon2FA Phishing Service Resumes Activity Post-Takedown High-Tech Sector Overtakes Finance as Top Target for Cyber-Attacks, Mandiant Reports Trivy Supply Chain Attack Expands With New Compromised Docker Images CISA Orders US Government to Patch Maximum Severity Cisco Flaw Operation Alice Takes Down 370,000+ Dark Web Sites Hackers Exploit Critical Langflow Bug in Just 20 Hours NCA Boss Warns That Teens Are Being “Radicalized” Into Cybercrime Online Ransomware Affiliate Exposes Details of 'The Gentlemen' Operation Financial Brands Targeted in Global Mobile Banking Malware Surge FCA Updates Cyber Incident and Third-Party Reporting Rules AWS Warns Hackers Have Abused Cisco Firewall Zero-Day Since January New Ubuntu Flaw Enables Local Attackers to Gain Root Access Crypto Scam "ShieldGuard" Dismantled After Malware Discovery AI-Enabled Adversaries Compress Time-to-Exploit Following Vulnerability Disclosure Vidar Stealer 2.0 Exploits GitHub, Reddit to Deliver Malware via Fake Game Cheats AI Issues Will Drive Half of Incident Response Efforts by 2028, Says Gartner Android OS-Level Attack Bypasses Mobile Payment Security 'CursorJack’ Attack Path Exposes Code Execution Risk in AI Development Environment Surge in Nation State Attacks on UK Firms Amid Cyber Warfare Fears Average Number of Daily API Attacks Up 113% Annually Aeternum Botnet Shifts Command Control to Polygon Blockchain Leading Semiconductor Supplier Advantest Hit by Ransomware Attack Remcos RAT Expands Real-Time Surveillance Capabilities SMEs Wrong to Assume They Won’t Be Hit by Cyber-Attacks, NCSC Boss Warns Google Warns of In the Wild Exploit as It Patches New Chrome Zero Day Phorpiex Phishing Delivers Low-Noise Global Group Ransomware BridgePay Confirms Ransomware Attack, No Card Data Compromised New Hacking Campaign Exploits Microsoft Windows WinRAR Vulnerability Labyrinth Chollima Evolves into Three North Korean Hacking Groups Google Disrupts Extensive Residential Proxy Networks
UK: Regulation Drives Cyber Spending for Critical Infrastructure Orgs
Kevin Poireault · 2026-03-19 · via www.infosecurity-magazine.com

Security leaders at the UK’s top critical national infrastructure (CNI) firms are relying more than ever on regulatory compliance to drive their cyber maturity and investments, Bridewell has found.

In its latest Cybersecurity in CNI Report 2026, the UK-based cyber service provider found that 35% of security leaders working across the UK’s 13 CNI sectors cited regulatory requirements as the primary influence on their security programs. This is up from 26% the in 2025 and 29% the year before.

In parallel, increased connectivity, the desire to support innovation and evolving cyber threats have all stagnated as cyber maturity influences. Only 25% of respondents mentioned one of these factors as driving security investment in 2025 and 2026.

This trend is likely due to a regulatory acceleration, with new legislation like the UK’s Cyber Security Resilience Bill (CSRB) and the EU’s NIS2 directive and Cyber Resilience Act (CRA) coming into force. Moreover, the UK has recently seen the overhaul of the National Cyber Security Centre’s (NCSC) Cyber Assessment Framework (CAF) for CNI organizations.

Speaking during a Bridewell press event in London on March 17, Sam Thornton, COO of Bridewell, said despite regulation compliance being considered more important than before for driving security investment, 35% is “still fairly low.”

“I think we will start to see regulation growing as the main driver of security investment in the next years to come,” he added.

Read more: Navigating Regulation Discrepancies – EU’s NIS 2 v UK's Cyber Security and Resilience Bill

Regulatory Challenges Loom for UK Critical Sectors

At the same time, the Bridewell report showed that adoption of major regulatory frameworks remains inconsistent. Less than half of respondents (46%) reported implementation or compliance with the CAF and only 29% reported adoption of the EU’s NIS2 directive.

It’s therefore “unsurprising”, said the report, that 39% of respondents admit low confidence in their cybersecurity measures for data protection.

Anthony Young, Bridewell’s CEO, said that, while there will always be people complaining about too much regulation, “the stick still works to improve cybersecurity.”

He added that the financial sector, one of most heavily regulated industries in the UK, is a good example as financial businesses have always led the way in cyber maturity levels in the country.

However, Young warned that “compliance on paper does not automatically translate into operational resilience.”

“Regulators are asking harder questions, and organizations will need to demonstrate policy alignment as well as real-world capability,” he said.

Additionally, Martin Riley, Bridewell’s CTO and head of the firm’s managed security services, observed that some of the benefits of regulatory guidance can also add more challenges for CNI organizations.

For instance, Riley said that in the UK, many CNI companies are mandated to achieve compliance with the new Enhanced Cyber Assessment Framework (eCAF) by March 2028.

“Now, with the CSRB coming into force later this year, the government will have the unilateral ability to change regulation on a whim, which could significantly disrupt the eCAF compliance roadmap for these organizations,” he explained.

Credit: Shutterstock AI
Credit: Shutterstock AI

93% UK CNI Hit by Cyber Incidents Last Year

Bridewell’s report also showed that almost all organizations in the UK’s CNI sectors have been targeted by cyber threat actors, with 93% of respondents reporting a cyber incident in the past year.

Of those who experienced an attack, 50% cited IT disruption and outage it as a major impact and 34% mentioned OT operations being affected as a result of a cyber incident.

Targeted organizations were found to have suffered revenue loss in 31% of cyber-attacks and data loss in 31% of cases.

More positively, however, these incidents have also resulted in increased cybersecurity budgets for 36% of respondents.

AI Emerges as Key CNI Cyber Concern

For the first time in its annual report, Bridewell asked security leaders about AI cyber risk.

While data protection and privacy remained the top cybersecurity challenge for almost half of respondents (43%), AI came second with 39% citing it as a top concern.

At the same time, AI is being rapidly adopted in defensive operations with more than a third (36%) of organizations already using AI to automate incident response and support threat hunting (35%).

Young likened the adoption of AI to “the early days of cloud.”

“It is powerful and widely adopted but often implemented faster than the controls designed to secure it. Organizations must apply the same discipline and guardrails to AI that they now expect for cloud and digital infrastructure,” he warned.

For Riley, keen adopter of AI tools himself, AI is now “central to modern cyber defence.”

“If you are not using AI to accelerate detection and response, you are falling behind attackers who are already using it against you. The challenge for 2026 is not whether to adopt AI, but how to govern it safely,” he said.

Finally, the research also uncovered a striking confidence gap in post quantum cryptography (PQC).

While 90% claimed to feel prepared, 38% admitted they have yet to review government guidance. This disconnect highlights what Bridewell describes as “confidence without clarity” in emerging risk areas like PQC.

Bridewell’s Cybersecurity in CNI Report 2026 was released during its CNI Cyber Security Summit, on March 19, in London.

It builds from a 27-question survey of 600 security leaders conducted by Censuswide across 13 critical infrastructure sectors in the UK.

Read more: Future-Proofing Critical Infrastructure – National Gas CTO Darren Curley on IT/OT Security Integration