The evolving security of data centres in the age of hybrid threats

Richard Hilson, Director of Sales & Marketing at PFL Access Management, examines how hybrid threats are forcing data centre operators to rethink security across physical, digital and aerial domains.

The UK’s critical national infrastructure (CNI) has historically been protected by some of the most stringent security measures in place. Now, data centres have been formally designated as CNI, highlighting both their importance and their exposure to attack.

But we now sit firmly in an era of converged, or hybrid, threats, where cyber, physical and aerial risks are overlapping and targeting the same high-value assets.

Historically, security for critical assets has largely been siloed. Cybersecurity teams protect networks and data, physical security teams manage access control and perimeter protection, and airspace, in most cases, has remained largely ungoverned until the past decade or so.

But the structure and nature of threats have evolved. According to the UK’s National Cyber Security Centre (NCSC), the country is now facing around four nationally significant cyber incidents per week. At the same time, geopolitical tensions are increasingly playing out through physical and digital infrastructure disruption.

We are living in the converged threat era. Attackers are no longer constrained by those silos; rather, they are actively exploiting the gaps between them, with hybrid threats combining multiple factors to achieve their aim.

The hybrid threat

A typical campaign might begin with identifying vulnerabilities in IT or operational technology (OT) environments. This may be followed by physical surveillance, potentially conducted via drones, to map access points and security weaknesses.

Reports that drone incidents near sensitive UK sites have more than doubled year-on-year show how low-cost, accessible technology can now bypass traditional perimeter controls. At the same time, the physical infrastructure underpinning the digital economy remains exposed, with 95% of global data traffic dependent on subsea cables that are vulnerable to disruption.

Securing distributed, high-value infrastructure

For CNI environments, which are often lightly staffed and in remote or hard-to-reach locations, the security challenges have escalated. Data centres are a prime example. They underpin the digital economy, but many operate with minimal on-site personnel, relying instead on remote management and automation.

There are now between 11,000 and 12,000 data centres globally, supporting everything from financial services and AI workloads to critical government systems. In the UK alone, the sector generates around £4.7 billion in annual gross value added (GVA) and supports more than 43,000 jobs, with projections suggesting it could unlock a further £44 billion in economic impact by 2035. However, this growth has also made data centres increasingly attractive targets.

Recent incidents underline this risk, with several high-profile cyberattacks targeting data centre operators and cloud providers, disrupting services and exposing vulnerabilities.

In 2024, the high-profile Snowflake breach demonstrated how attackers are increasingly targeting shared cloud and data infrastructure to create widespread downstream disruption, with multiple major organisations affected through a single attack.

Physical threats to data centres are also growing, and security approaches are adapting in response, particularly as many facilities become more automated. In 2025, a major data centre fire in South Korea caused widespread disruption and was cited as one of the year’s most significant infrastructure resilience failures.

Another issue security commentators have been talking about for years is the danger posed by insider threats, whether from employees, contractors or third-party personnel. Given the value of the information held within data centres, and the potential losses if this information is compromised, facilities can be targeted through malicious intent, negligence or coercion.

Data centres tend to be designed to run on remote monitoring, automation and centralised control systems. This delivers efficiency, but it also creates vulnerabilities where threats can go undetected for longer periods. The same is true of other areas of CNI, including energy infrastructure, transport networks and logistics hubs.

Despite this, security strategies have largely been fragmented, and physical security systems often operate independently of cybersecurity platforms. Access control data is not always integrated with wider threat intelligence, and airspace monitoring, where it exists, is rarely connected to ground-based systems outside government and military circles.

In converged threat environments, this becomes a liability. An isolated access control system may detect unauthorised entry, but without integration into wider frameworks, it cannot provide context. Similarly, a cybersecurity platform may identify unusual activity, but without visibility of physical access points, it may miss a critical link.

The same applies to drone activity, where detection alone is insufficient if it is not connected to incident response protocols or wider security systems.

Introducing the multi-layered approach

Security is evolving into a multi-layered, intelligence-led model, reflecting the reality of hybrid threats.

At ground level, this means robust perimeter protection and intelligent access control. Modern systems increasingly go beyond basic entry management, incorporating real-time data, ID verification and integration with wider security platforms. The goal is to achieve a more complete view of access control, with a clearer understanding of who is on site, why they are there, and whether any activity aligns with expected patterns.

The CNI community is also paying closer attention to the growing airspace challenge. Counter-UAS, or counter-drone, capabilities, including drone detection, are becoming an increasingly important part of CNI security. Equally important is the digital layer, with continuous monitoring of IT and OT environments providing visibility into network activity, system performance and potential compromise.

This can help organisations build real-time situational awareness, where data from multiple sources is collected and analysed to provide a more comprehensive view of risk. An access control event can be linked to network activity, drone detection can trigger responses across physical and digital systems, and, over time, patterns can be identified.
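The linking described above can be sketched as a small correlation rule. This is an added example, not code from the article or from any vendor product; the event fields, site names, signal names and the 15-minute window are assumptions, and the sample events are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=15)  # assumed correlation window; tune per site

# Constructed sample events (not real telemetry); field names are hypothetical.
EVENTS = [
    {"ts": "2025-03-01T02:04:00", "site": "DC-NORTH", "domain": "aerial", "signal": "drone_detected"},
    {"ts": "2025-03-01T02:11:00", "site": "DC-NORTH", "domain": "physical", "signal": "badge_denied"},
    {"ts": "2025-03-01T02:16:00", "site": "DC-NORTH", "domain": "digital", "signal": "ot_login_failure"},
    {"ts": "2025-03-01T09:30:00", "site": "DC-NORTH", "domain": "physical", "signal": "badge_denied"},
    {"ts": "2025-03-01T02:10:00", "site": "DC-SOUTH", "domain": "digital", "signal": "ot_login_failure"},
]

def correlate(events, window=WINDOW):
    """Return incidents: same-site event clusters that span two or more domains."""
    by_site = defaultdict(list)
    for e in events:
        by_site[e["site"]].append({**e, "ts": datetime.fromisoformat(e["ts"])})

    incidents = []
    for site, evs in sorted(by_site.items()):
        evs.sort(key=lambda e: e["ts"])
        cluster = []
        for e in evs + [None]:  # None is a sentinel that flushes the last cluster
            # An event joins the cluster if it falls within `window` of the cluster's first event.
            if e is not None and (not cluster or e["ts"] - cluster[0]["ts"] <= window):
                cluster.append(e)
                continue
            domains = sorted({c["domain"] for c in cluster})
            if len(domains) >= 2:  # a single-domain cluster stays in its own team's queue
                incidents.append({
                    "site": site,
                    "start": cluster[0]["ts"].isoformat(),
                    "domains": domains,
                    "signals": [c["signal"] for c in cluster],
                    "severity": "high" if len(domains) >= 3 else "medium",
                })
            cluster = [e] if e is not None else []
    return incidents

if __name__ == "__main__":
    for incident in correlate(EVENTS):
        print(incident)
```

On the sample data, the three DC-NORTH events around 02:00 become one incident, while the isolated 09:30 badge denial and the lone DC-SOUTH login failure do not.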

This is increasingly reflected in the direction of policy and regulation across governments and international bodies. From the UK’s formal designation of data centres as CNI to broader initiatives from NATO and the EU, policymakers are recognising that digital infrastructure is of strategic national importance. As geopolitical tensions rise, scrutiny of how data centres are secured is likely to intensify.

As such, the traditional security model is no longer enough. As data centres continue to grow in both scale and strategic importance, and as the volume of critical data they store and process accelerates, perimeter defence alone cannot provide adequate protection. Nor can a security strategy focused solely on cyber risk.

However, there are clear signs that security strategy is evolving to meet the changing landscape by adopting a layered, intelligence-led approach – one that recognises data centres as interconnected, high-value assets requiring integrated protection across physical, digital and aerial domains.
