Human Factors and Strategic Approaches in Cybersecurity: Threats for Critical Infrastructures in NIS2 Dοmains

In 2024, the intensity and frequency of cyber attacks reached unprecedented levels worldwide, with organizations experiencing a notable 28% increase in weekly incidents compared to late 2023. This sharp escalation brings with it severe financial consequences, with global cybercrime losses projected to soar to $13.82 trillion by 2028. Of particular concern are attacks targeting critical national infrastructure (CNI), where the interconnectedness brought about by Industry 4.0 and accelerated digitalization has significantly broadened the attack surface, exposing essential services to elevated risks. Criminal groups and state-sponsored entities are increasingly exploiting these vulnerabilities, with motives ranging from financial gain to strategic disruption of essential societal functions. This evolving threat landscape underscores the critical importance of the NIS2 Directive, implemented in 2024 to bolster Europe’s cyber resilience by expanding the regulatory framework and enforcing baseline security measures across key sectors, creating a more uniform and robust defense against cyber threats. The healthcare sector, in particular, faces unique cybersecurity challenges due to the sensitive nature of patient data and the rapid adoption of digital health technologies, such as electronic health records (EHRs) and Internet of Medical Things (IoMT) devices. These advances make healthcare infrastructure especially vulnerable to cyber attacks, including ransomware, phishing, and data breaches. The increase in digital touchpoints introduces new entry points for attackers, who can exploit weak security policies, poorly configured devices, and limited cyber readiness. Concurrently, emerging technologies such as generative AI and quantum computing present further complexities. Given these intersecting and evolving risks, this paper aims to provide a comprehensive narrative literature review of cybersecurity threats affecting critical infrastructure, healthcare systems, and advanced digital technologies, with a strong emphasis on proactive and adaptive strategies to mitigate these challenges. Theoretically, this study enriches the field of cybersecurity by synthesizing current research on vulnerability frameworks across diverse industries, presenting a holistic view of the threat landscape and emerging security needs. It bridges gaps in the literature by examining the interplay between policy measures, technological advancements, and security challenges within these sectors. Practically, this study identifies actionable strategies for securing critical systems, with particular attention to regulatory compliance and the need for proactive cybersecurity measures. It translates high-level research into practical insights, providing guidance on real-world applications, such as the operational impact of the NIS2 Directive in Europe and the importance of quantum-safe cryptographic standards. By doing so, the paper equips stakeholders—government agencies, corporate leaders, and IT security teams—with groundwork for navigating the evolving cybersecurity landscape and developing resilient systems. Through this dual theoretical and practical focus, the paper aims to not only expand academic understanding but also empower professionals to implement informed, adaptive, and robust cybersecurity strategies.