We are seeing a sharp rise in the number of attacks on critical national infrastructure, especially utility organisations, across the globe. They have traditionally made easy targets as cybersecurity is generally not their key focus. 

Their use of industrial control systems (ICS) that often use legacy operating systems that are hard to patch leaves them highly vulnerable.

Governments needs to do more from a regulatory standpoint as these organisations have massive physical infrastructure investment requirements that they can't ignore. 

Spending money on upgrading power systems supplying hospitals is an easier choice, than spending money on cybersecurity where they know an incident will happen but not when.

Most governments have failed to do enough to address the likelihood of widespread power failures, caused by a cyber attacks. The good news is we are seeing a big shift in the utility industry from protection (gates, guards and guns) to more rapid cybersecurity threat detection and response.