Join our daily and weekly newsletters for the latest updates and exclusive content on industry-leading AI coverage. Learn More<\/em><\/p>\n\n\n\n Direct attacks on critical infrastructure get a lot of attention, but the bigger danger often lies in something less visible: The poor cybersecurity practices of the businesses that keep these systems running. According to the Cybernews Business Digital Index, a staggering 84% earned a \u201cD\u201d grade or worse for their cybersecurity practices, with 43% falling into the \u201cF\u201d category. Only 6% of companies got an \u201cA\u201d for their efforts. What\u2019s more troubling is that industries at the heart of critical infrastructure \u2014\u00a0like energy, finance and healthcare \u2014\u00a0are among the weakest links.<\/p>\n\n\n\n Corporate cybersecurity failures can\u2019t be separated from national security risks. The strength of the U.S.\u2019 critical infrastructure relies on solid digital defenses, and when businesses fail to secure their networks, they leave the entire country vulnerable to potentially devastating attacks.<\/p>\n\n\n\n The World Economic Forum\u2019s latest report reveals a worrying disconnect. Two-thirds of organizations are counting on AI to shape cybersecurity this year, but only 37% have processes in place to check if their AI tools are secure before using them. It\u2019s like putting all your trust in a high-tech gadget without reading the manual \u2014 risky and potentially asking for trouble. While businesses are grappling with preparation, AI is being leveraged by cybercriminals to orchestrate offensive campaigns against them. For instance, corporate executives are facing a surge of highly targeted phishing attacks created by AI bots.<\/p>\n\n\n\n Cyberattacks of any type are getting harder to repel. Take the finance and insurance sectors, for example. These industries manage sensitive data and are key to our economy, yet 63% of companies in these sectors earned a \u201cD\u201d and 24% failed entirely. It\u2019s no surprise that, last year, LoanDepot, one of the country\u2019s biggest mortgage lenders, was hit by a major ransomware attack that forced them to take some systems offline.<\/p>\n\n\n\n Ransomware continues to be a major issue due to weak cybersecurity measures. Crowdstrike found that cloud environment intrusions surged by 75% from 2022 to 2023, with cloud-conscious incidents rising by 110% and cloud-agnostic incidents by 60%. Despite advances in technology, email remains one of the main methods for cybercriminals to target companies. Hornetsecurity reports that nearly 37% of all emails in 2024 were flagged as \u201cunwanted,\u201d a slight increase from the previous year. This suggests that businesses are still struggling to address fundamental vulnerabilities through proactive measures.<\/p>\n\n\n\n Weak cybersecurity isn\u2019t merely a corporate issue \u2014 it\u2019s a national security risk. The 2021 Colonial Pipeline attack disrupted energy supplies and exposed vulnerabilities in critical industries. Rising geopolitical tensions, especially with China, amplify these risks. Recent breaches attributed to state-sponsored actors have exploited outdated telecommunications equipment and other legacy systems, revealing how complacency in updating technology can put national security in danger.<\/p>\n\n\n\n For instance, last year\u2019s hack of U.S. and international telecommunications companies exposed phone lines used by top officials and compromised data from systems for surveillance requests, threatening national security. Weak cybersecurity at these companies risks long-term costs, allowing state-sponsored actors to access sensitive information, influence political decisions and disrupt intelligence efforts.<\/p>\n\n\n\n It\u2019s critical to recognize that vulnerabilities don\u2019t exist in isolation. What happens in one sector \u2014\u00a0be it telecommunications, energy or finance \u2014\u00a0can have a domino effect that impacts national security at large. Now, more than ever, it\u2019s essential to collaborate with IT and DevOps teams to close any gaps, and prioritize timely updates, to stay one step ahead of evolving cyber threats.<\/p>\n\n\n\n To tackle these growing cyber threats, businesses need to step up their security game. Taking action in these key areas can make a big difference:<\/p>\n\n\n\n No company can face today\u2019s cyber threats on its own. Collaboration between private businesses and government agencies is more than helpful \u2014\u00a0it\u2019s imperative. Sharing threat intelligence in real-time allows organizations to respond faster and stay ahead of emerging risks. Public-private partnerships can also level the playing field by offering smaller companies access to resources like funding and advanced security tools they might not otherwise afford.<\/p>\n\n\n\n The aforementioned World Economic Forum\u2019s report makes it clear: Resource constraints create gaps in cyber resilience. By working together, business and the government can close those gaps and build a stronger, more secure digital environment \u2014\u00a0one that\u2019s better equipped to prevent increasingly sophisticated cyberattacks.<\/p>\n\n\n\n Some businesses may argue that implementing stricter cybersecurity measures is too expensive. However, the price of doing nothing could be much higher. According to IBM, the average cost of a data breach rose to $4.88 million in 2024, up from $4.45 million in 2023, marking a 10% increase \u2014\u00a0the highest since the pandemic in 2020.\u00a0<\/p>\n\n\n\n Businesses that have already taken steps towards more secure systems benefit from faster incident response times and greater trust from customers and partners who want to keep their data safe. For instance, Mastercard developed a real-time fraud detection system that uses machine learning (ML) to analyze transactions globally. It has reduced fraud, boosted customer trust and improved security for customers and merchants through instant suspicious activity alerts.<\/p>\n\n\n\n Such companies also save costs. IBM reports that two-thirds of organizations are now integrating security AI and automation into their security operations centers. When widely applied to prevention workflows \u2014\u00a0such as attack surface management (ASM) and posture management \u2014\u00a0these organizations saw an average reduction of $2.2 million in breach costs compared to those not using AI in their prevention strategies. \u00a0<\/p>\n\n\n\n America\u2019s critical infrastructure is only as strong as its weakest link \u2014 and right now, that link is business cybersecurity. Weak private-sector defenses pose a serious risk to national security, the economy and public safety. To prevent catastrophic outcomes, decisive action is needed from both businesses and the government.<\/p>\n\n\n\n Fortunately, progress is underway. Former President Biden\u2019s executive order on cybersecurity, requires companies working with the federal government to meet stricter cybersecurity standards. This initiative encourages business leaders, investors and policymakers to enforce stronger safeguards, invest in resilient infrastructure and foster industry-wide collaboration. By taking these steps, the weakest link can become a powerful line of defense against cyber threats.<\/p>\n\n\n\n The stakes are too high to ignore. If businesses \u2014\u00a0government partners or not \u2014\u00a0fail to act, the systems everyone relies on could face more serious and devastating disruptions.<\/p>\n\n\n\n Vincentas Baubonis leads the <\/em>team at Cybernews<\/em>. <\/em><\/p>\n Daily insights on business use cases with VB Daily<\/strong><\/p>\n If you want to impress your boss, VB Daily has you covered. We give you the inside scoop on what companies are doing with generative AI, from regulatory shifts to practical deployments, so you can share insights for maximum ROI.<\/p>\n \n\t\t\t\t\tThanks for subscribing. Check out more VB newsletters here.\n\t\t\t\t<\/p>\n An error occured.<\/p>\n<\/p><\/div>\n
\n<\/div>A mismatch between risks and preparedness<\/h2>\n\n\n\n
The business-national security nexus<\/h2>\n\n\n\n
Mitigating the risks<\/h2>\n\n\n\n
\n
Collaboration is key<\/h2>\n\n\n\n
The business case for proactive security<\/h2>\n\n\n\n
A call to action for business leaders<\/h2>\n\n\n\n
![\"\"\/](\"https:\/\/venturebeat.com\/wp-content\/themes\/vb-news\/brand\/img\/vb-daily-phone.png\")
\n\t\t\t\t<\/div>\n<\/p><\/div>\n<\/div>\t\t\t<\/div>\r\n