Stay updated with the latest industry-leading AI coverage by subscribing to our daily and weekly newsletters. Join now for exclusive content and updates. Learn More
While direct attacks on critical infrastructure often grab headlines, the real threat lies in the poor cybersecurity practices of the businesses that support these systems. Shockingly, the Cybernews Business Digital Index revealed that 84% of Fortune 500 companies received a grade of “D” or worse for their cybersecurity efforts, with 43% falling into the “F” category. Only a mere 6% of companies managed to achieve an “A” rating. What’s even more concerning is that industries crucial to critical infrastructure, such as energy, finance, and healthcare, are among the weakest in terms of cybersecurity.
Corporate cybersecurity shortcomings are not just a corporate concern; they pose a significant national security risk. The resilience of the country’s critical infrastructure depends on robust digital defenses. When businesses neglect to secure their networks, they expose the entire nation to potentially devastating cyberattacks.
A mismatch between risks and preparedness
The latest report from the World Economic Forum highlights a troubling disparity. While two-thirds of organizations are relying on AI to shape cybersecurity strategies this year, only 37% have established processes to ensure the security of their AI tools before deployment. It’s akin to putting blind faith in a sophisticated gadget without understanding its operation manual – a risky move that could invite trouble. As businesses struggle to prepare adequately, cybercriminals are leveraging AI to launch targeted phishing attacks against corporate executives.
Cyberattacks, regardless of their nature, are becoming increasingly challenging to defend against. For instance, the finance and insurance sectors, which handle sensitive data critical to the economy, are alarmingly vulnerable. In these sectors, 63% of companies received a “D” grade, while 24% failed outright. Last year, LoanDepot, one of the nation’s largest mortgage lenders, fell victim to a significant ransomware attack, leading them to shut down certain systems.
Ransomware remains a prevalent threat due to lax cybersecurity measures. Crowdstrike reported a 75% increase in cloud environment intrusions from 2022 to 2023, with cloud-conscious incidents rising by 110% and cloud-agnostic incidents by 60%. Despite technological advancements, email remains a primary target for cybercriminals. Hornetsecurity noted that nearly 37% of all emails in 2024 were flagged as “unwanted,” indicating that businesses are struggling to address fundamental vulnerabilities proactively.
The business-national security nexus
Weakened cybersecurity isn’t just a corporate issue – it’s a national security concern. The 2021 Colonial Pipeline cyberattack disrupted energy supplies and exposed vulnerabilities in critical sectors. Heightened geopolitical tensions, particularly with China, exacerbate these risks. Recent breaches attributed to state-sponsored actors have exploited outdated telecommunications infrastructure and other legacy systems, underscoring how neglecting technology updates can endanger national security.
For example, the hacking of U.S. and international telecommunications companies last year exposed phone lines used by top officials and compromised data from surveillance systems, posing a threat to national security. Inadequate cybersecurity at these firms incurs long-term consequences, enabling state-sponsored actors to access sensitive information, influence political decisions, and disrupt intelligence operations.
It’s crucial to understand that vulnerabilities are interconnected. Events in one sector, whether telecommunications, energy, or finance, can trigger a chain reaction impacting national security on a larger scale. Collaboration with IT and DevOps teams is essential to identify and address gaps, prioritize timely updates, and stay ahead of evolving cyber threats.
Mitigating the risks
To confront the escalating cyber threats, businesses must enhance their security measures. Taking proactive steps in the following areas can significantly bolster cybersecurity:
- Implement AI-based cybersecurity tools that continuously monitor for suspicious activities, including AI-driven phishing attempts. These tools can automate threat detection, analyze patterns, and respond in real-time to mitigate potential damage from cyberattacks like ransomware.
- Establish a robust system to assess the security of AI tools before deployment. This should entail rigorous AI security audits to identify vulnerabilities such as susceptibility to adversarial attacks, data poisoning, or model inversion. Companies should also adhere to secure development lifecycle practices for AI tools, conduct regular penetration testing, and ensure compliance with established frameworks like ISO/IEC 27001 or the NIST AI Risk Management Framework.
- Given the surge in cloud-based attacks, particularly ransomware and data breaches, organizations should adopt advanced cloud security measures. This includes robust encryption, continuous vulnerability scanning, and the integration of AI to predict and prevent future breaches in cloud environments.
- Legacy systems remain a prime target for hackers. Keeping systems updated and promptly applying patches can thwart vulnerabilities before malicious actors exploit them.
Collaboration is key
No single company can effectively combat today’s cyber threats in isolation. Collaborating with government agencies is not just beneficial – it’s imperative. Real-time sharing of threat intelligence enables organizations to respond swiftly and stay ahead of emerging risks. Public-private partnerships can level the playing field by providing smaller firms access to resources like funding and advanced security tools they may not afford independently.
The World Economic Forum report underscores the importance of collaboration, emphasizing that resource constraints create gaps in cyber resilience. By working together, businesses and the government can bridge those gaps and build a more robust, secure digital environment capable of thwarting increasingly sophisticated cyberattacks.
The business case for proactive security
While some businesses may argue that stringent cybersecurity measures are costly, the repercussions of inaction could be far more severe. According to IBM, the average cost of a data breach surged to $4.88 million in 2024, marking a 10% increase from 2023 and the highest since the onset of the pandemic in 2020.
Companies that have proactively enhanced their security systems benefit from quicker incident response times and greater trust from customers and partners seeking to safeguard their data. For instance, Mastercard developed a real-time fraud detection system utilizing machine learning to analyze global transactions. This initiative reduced fraud, boosted customer confidence, and enhanced security for both customers and merchants through instant alerts for suspicious activity.
Furthermore, proactive companies realize cost savings. IBM reports that two-thirds of organizations are integrating security AI and automation into their security operations centers. When applied to prevention workflows such as attack surface management and posture management, these organizations experienced an average $2.2 million reduction in breach costs compared to those not leveraging AI in their prevention strategies.
A call to action for business leaders
America’s critical infrastructure is only as strong as its weakest link, which currently resides in business cybersecurity. Weak defenses in the private sector pose a significant risk to national security, the economy, and public safety. To avert catastrophic outcomes, decisive action is imperative from both businesses and the government.
Encouragingly, progress is underway. The executive order on cybersecurity issued by former President Biden mandates that companies engaging with the federal government adhere to stringent cybersecurity standards. This initiative urges business leaders, investors, and policymakers to enforce robust safeguards, invest in resilient infrastructure, and foster collaboration across industries. By taking these steps, the weakest link can transform into a formidable defense against cyber threats.
The stakes are too high to overlook. Failure by businesses, whether in partnership with the government or not, to act decisively could result in more severe and devastating disruptions to the systems on which everyone relies.
Vincentas Baubonis leads the team at Cybernews.
