Examining the factors that impact the severity of cyberattacks on critical infrastructures

Abstract

In light of the rising threats of cyberattacks on critical infrastructures, cybersecurity has become a high priority for government agencies worldwide. In particular, the severity of cyberattacks could lead to devastating consequences for national security, economic growth, and public health and safety. While earlier studies have examined several factors related to detecting, preventing, and predicting cyberattacks on critical infrastructures, they have largely neglected to consider the severity aspect of these attacks. This study aims to bridge this research gap by examining the factors that influence the severity of cyberattacks on critical infrastructures. To achieve this, we analyze 897 reported attacks on critical infrastructures to examine the impact of incident type, ransomware, zero-day vulnerability, attacker type, conflict type, initial access vector, and the number of targeted countries on the severity of these cyberattacks. The results show that cyberattacks employing ransomware and initiated by nation-state actors have the most impact on severity. On the contrary, cyberattacks that include data theft, disruption, hijacking with or without misuse, involve multiple types of conflict, and target the energy and finance sectors have the least impact on the severity of attacks. To gain further insight into these results, we perform sub-analyses on the metrics that makeup severity. Findings show that cyberattacks on the health sector are more vulnerable to data theft of sensitive information compared to other sectors. Also, nation-state-led attacks are more likely to involve data theft of sensitive information and long-term disruptions. Finally, as years progress, the results generally indicate a decreasing likelihood of attacks involving data theft of sensitive information and hijacking with misuse.