CRITICAL infrastructure organisations face a structurally different threat landscape in 2026, with threat actors moving from data theft to long-term, covert access and disruptive operations, according to the article. Five facts define the resilience priorities for CI leaders this year, centred on identity as the dominant attack pathway, the expanded risk from cloud and hybrid IT–OT environments, and concerns over nation-state prepositioning and misconfiguration-driven access.
The piece notes that more than 97% of identity-based attacks target password-based authentication, that cloud and hybrid incidents rose 26% in early 2025, and that 12% of intrusions originate from exposed remote services, underscoring the continual exposure risk. It also highlights nation-state activity, citing Volt Typhoon and a CISA advisory warning of persistent access inside U.S. critical infrastructure that could be activated during a future crisis.
The water sector is used as a concrete example of how practical, hands-on readiness improves cyber resilience, with findings released on 19 March 2026 in collaboration with the Cyber Readiness Institute and the Center on Cyber Technology and Innovation. The article also references regulatory moves in the U.S., Japan, Europe and Canada, including the US National Cybersecurity Strategy and Japan’s Active Cyber Defense legislation, to frame the imperative for continuous readiness, according to CISA Advisory AA24-038A.