AI is Attacking Critical Infrastructure: SOCI Compliance Starts Now
AI-powered cyber attacks are accelerating in speed, scale and severity, with critical infrastructure now an attractive target for state-sponsored cyber actors.
According to the Annual Cyber Threat Report 2024-25, critical infrastructure entities in Australia reported potential malicious cyber activity over 190 times, up 111% from the previous 12 months.
The top three reported cyber security incident types for critical infrastructure are:
Compromised Asset/Network/Infrastructure: 55%
DoS/DDoS: 23%
Compromised Account/Credentials: 19%
Threat actors are using AI to identify weaknesses in critical infrastructure, automate intrusion pathways, and execute highly personalised attacks against people, systems and supply chains.
Utilities, government agencies and healthcare providers are now prime targets – not just for data, but for disruption.
The shift is clear: attacks are becoming faster, smarter and more precise, and critical services are increasingly in scope.
At the same time, Australian businesses now view the Security of Critical Infrastructure (SOCI) Act as more than a compliance requirement.
These two forces are not running in parallel – they are colliding.
AI is fundamentally changing the economics of cybercrime. Attackers can scan environments at scale, exploit vulnerabilities before they are patched, and craft phishing campaigns that bypass traditional awareness training.
In sectors where uptime is critical and systems are complex – often spanning legacy infrastructure and modern cloud – this creates a dangerous imbalance.
SOCI was designed to close that gap.
The New Reality: AI-Driven Threats Targeting Critical Sectors
Healthcare organisations continue to face some of the highest attack volumes globally, where even short outages can directly impact patient outcomes.
Utilities face growing exposure in operational technology (OT) environments, where disruption can cascade across essential services.
Government agencies are under constant pressure from actors seeking to compromise sensitive data and undermine public systems.
AI accelerates all of this.
Threat actors are now able to map infrastructure faster, move laterally with greater precision, and exploit human behaviour more effectively. The result is a step change in both frequency and impact – reflected in rising cybercrime costs and increasingly sophisticated breach scenarios.
According to the Annual Cyber Threat Report 2024-25, large businesses in Australia now face a 219% increase in average cybercrime costs, totalling approximately $202,700.
In this environment, SOCI is not just compliance. It is a baseline for resilience.
SOCI Compliance Must Evolve into Active Defence
The risk for many organisations is assuming that meeting SOCI requirements equals security. It does not.
SOCI defines what must be in place – risk management programs, incident response plans, and supply chain oversight. But whether those controls work in practice – under the pressure of an AI-enabled attack – is what matters.
This is where gaps are emerging.
Controls are documented but not stress-tested. Risks are identified but not continuously monitored. Third-party dependencies are known but not actively validated. In an AI-driven threat landscape, these weaknesses are quickly exposed.
“Cyber investment should be recognised as a strategic enabler, not a cost of compliance. The real return lies in how it accelerates business outcomes, helping organisations innovate safely, move faster to market, and operate with greater confidence. The focus is shifting from compliance to capability, building adaptive, intelligence-led defences, improving visibility across IT and OT environments, and embedding cyber into the ‘DNA’ of digital transformation and customer trust.”
What Critical Infrastructure Operators Must Do Now
SOCI compliance is now enforceable. AI-powered attacks are already scaling. The gap between the two – between compliance on paper and resilience in practice – is where organisations are being exposed.
For CIOs and IT leaders, the priority is immediate: validate your posture, identify gaps, and act quickly.
Because in critical infrastructure, the consequences of delay are not just technical – they are operational, financial and societal.
In response, businesses must:
Move from static to continuous risk management: AI-driven threats evolve daily. SOCI programs must evolve with them.
Test response capability in real-world scenarios: Run simulations that reflect modern attack methods, including AI-enabled phishing and automated intrusion attempts.
Prioritise visibility across IT and OT: Fragmented environments create blind spots. Unified visibility is essential to detect and respond early.
Strengthen supply chain assurance: Attackers are increasingly targeting partners as entry points. SOCI requires oversight – leading organisations enforce it.
Elevate cyber to the executive agenda: AI risk is business risk. Boards must understand both exposure and response readiness.
SOCI programs that have either not been created or not been tested against real-world, AI-driven threats are operating with unknown risk.
A structured Compliance Gap Assessment provides a clear view of where businesses stand – mapping environments against SOCI requirements, identifying weaknesses, and delivering a practical roadmap to strengthen resilience.
SOCI may define the rules. But in an AI-driven threat landscape, resilience is defined by how quickly businesses act.