Critical national infrastructure (CNI) is an umbrella term representing various service industries essential to national function (Telecommunication), survival (Energy/Power), and social wellbeing (Medical). Responding to increasing national demands, more CNIs are joining the digital revolution to streamline operations and enhance productivity. However, despite the adoption of intelligent automation, we are still seeing a growing rate of malicious breaches amongst these enterprises. In a rapidly evolving cyber threat landscape, our business-driven culture only serves to degrade the broader security wellbeing. It is thus imperative for corporate CNI decision makers to understand the realities and limitations facing their facilities.