Cyber-attacks on critical infrastructure

Critical infrastructure, like power generation and distribution, is becoming more complex and reliant on networks of connected devices. Just decades ago, power grids and other critical infrastructure operated in isolation. Now they are far more interconnected, both in terms of geography and across sectors. The failure of one critical infrastructure could result in a devastating chain reaction.

Unsurprisingly, the vulnerability of critical infrastructure to cyber-attacks and technical failures has become a big concern. And fears have been given credence by recent events.

In December 2015, the world witnessed the first known power outage caused by a malicious cyber-attack. Three utilities companies in Ukraine were hit by BlackEnergy malware, leaving hundreds of thousands of homes without electricity for six hours. And since the beginning of the war in Ukraine in 2022, similar attacks on power grids have also been reported. Meanwhile, in May 2021, a ransomware attack by the cyber criminal group DarkSide targeted Colonial Pipeline, a major fuel pipeline operator in the US. The attack disrupted fuel supplies across the East Coast, causing panic buying and fuel shortages. Earlier in 2021, a hacker gained access to the water system of a city in Florida and increased the amount of sodium hydroxide (lye) in Oldsmar’s water treatment system. Fortunately, a worker spotted it and reversed the action.

The energy sector is one of the main targets of cyber attacks against critical infrastructure, but as the above examples show, it is not the only one. Transport, public sector services, telecommunications and critical manufacturing industries are also among those most vulnerable.

In one of the most disruptive incidents of 2025, a ransomware attack halted production at UK luxury car manufacturer Jaguar Land Rover (JLR). Affecting over 5,000 organizations in JLR’s supply and distribution chain, the cyber-attack is estimated to have cost as much as £2.1bn [1] (US$2.8bn) which would rank it among the most costly cyber incidents ever in the UK. The attack contributed to a 30% decline in UK car production in October, as well as the surprise fall in UK GDP [2] in the same month.

A global internet outage caused by a major cyber-attack or technology failure, disrupting digital operations and communications worldwide, is regarded as the second most plausible Black Swan business scenario globally in the next five years, according to new Allianz Risk Barometer analysis, which surveyed more than 3,000 risk management experts from almost 100 countries and territories (47% of respondents, ranking only behind global supply chain paralysis due to a geopolitical conflict halting the movement of goods and raw materials). It ranks as the most feared event for respondents in the Americas (49%) and Africa and Middle East (51%) regions, as well as in the UK (69%), Brazil (48%), Colombia (55%), India (42%) and Australia (45%), for example. Global internet outage also ranks top according to respondents from smaller companies (<US$100mn annual revenue) and those from the financial services, professional services, government, technology, telecoms, media, entertainment, and hospitality sectors.

Concern about a global internet outage reflects the growing awareness of cyber risk and digital interdependency, which has accelerated since the Covid-19 pandemic. Recent years have seen a number of near misses – a flawed update of CrowdStrike software in 2024 affected millions of systems running Windows, while a system error at internet infrastructure provider AWS in October 2025 caused a widespread internet outage, affecting over 1,000 companies [3] and millions of internet users. Costs from the CrowdStrike event alone have been estimated as being as high as billions of dollars [4].

A global internet outage could arise from multiple scenarios, including a malicious cyber-attack or technical failure affecting a critical infrastructure or service provider, or the consequence of an external event, such as extreme weather or a solar storm – in 2025, Lloyd’s [5] estimated the global economy could be exposed to losses of US$2.4trn over a five-year period from a hypothetical solar storm, while two years earlier it estimated a major global cyber-attack could trigger a US$3.5trn [5] loss over a five-year period.

Tech company Cloudflare [6] tracked over 180 internet disruptions worldwide in 2025. Some lasted several days, resulting from a wide range of causes, including power outages, subsea communications cable damage, as well as technical glitches.

The risk of a global outage could also increase with the growing reliance on a small number of technology companies. In Allianz Commmercial's Business Black Swans report, Michael Bruch, Global Head of Risk Consulting Advisory Services says: “We are facing a new kind of ‘monopoly risk’ as critical digital infrastructure becomes concentrated among a small number of providers. A single point of failure – whether technical or cyber-related – could trigger global repercussions. Building resilience against these systemic exposures should be a priority for every organization.”