Authors: Jake Hernandez John Farley


The cyber threat landscape continues to evolve, and the attack surface grows alongside new and emerging technology. This new technology provides new opportunities for threat actors to carry out their crimes against just about every industry sector imaginable. Of particular concern are 16 specific targets — the US categories of critical infrastructure that provide essential services to society across a wide swath of industries. These targets include:

  • Chemical
  • Commercial facilities
  • Communications
  • Critical manufacturing
  • Dams
  • Defense industrial base
  • Emergency services
  • Energy
  • Financial services
  • Food and agriculture
  • Government facilities
  • Public health
  • Information technology
  • Nuclear reactors, materials and wastewater
  • Transportation systems
  • Water and wastewater systems

If any one of these is attacked, essential services could be disrupted significantly for citizens and organizations around the globe. This disruption could lead to material impacts to bottom lines and threaten physical security. As a result, the highest levels of the US government have taken deliberate steps to address these systemic cyber risks.

Gallagher's Cyber team continuously tracks threats to critical infrastructure targets. According to a wide range of industry data sources, the incidence of attacks on critical infrastructure by nation-state groups doubled between 2021 and 2022. This surge in cyber threat activity underscores the pressing need for enhanced security measures, particularly within critical infrastructure industries. Specifically, IT, financial services, healthcare, transportation and communications have been focal points for cybercriminals, accounting for about 40% of the total activity.

40% of attacks targets core critical infrastructure sectors.

The financial implications of these security breaches are staggering. This economic impact is even more alarming when considering the root causes behind these breaches. Almost half — about 47% — can be attributed to IT failure or human error, while 28% are caused by ransomware and other destructive attacks.

Despite these threats, many organizations tasked with managing critical infrastructure have been slow to adapt and implement more secure architectures.

The average data breach costs 4.34 million.

Protect your business with the right cyber insurance. It is critical to work with a broker that understands the cyber landscape. At Gallagher, our knowledge extends beyond traditional cyber coverage, as we apply our unique expertise to your cyber concerns.

Learn more about cyber risk and how to protect your business.


Author Information

Jake Hernandez

Jake Hernandez

Lead Consultant — Gallagher Specialty


The information contained herein is offered as insurance Industry guidance and provided as an overview of current market risks and available coverages and is intended for discussion purposes only. This publication is not intended to offer legal advice or client-specific risk management advice. Any description of insurance coverages is not meant to interpret specific coverages that your company may already have in place or that may be generally available. General insurance descriptions contained herein do not include complete Insurance policy definitions, terms, and/or conditions, and should not be relied on for coverage interpretation. Actual insurance policies must always be consulted for full coverage details and analysis. Gallagher publications may contain links to non-Gallagher websites that are created and controlled by other organizations. We claim no responsibility for the content of any linked website, or any link contained therein. The inclusion of any link does not imply endorsement by Gallagher, as we have no responsibility for information referenced in material owned and controlled by other parties. Gallagher strongly encourages you to review any separate terms of use and privacy policies governing use of these third party websites and resources. Insurance brokerage and related services provided by Arthur J. Gallagher Risk Management Services, LLC. (License Nos. 100292093 and/or 0D69293). © 2023 Arthur J. Gallagher & Co. | GP45037