Business|Defence|Energy|Environment|Gas|Industrial|Oil And Gas|Pipelines|Power|Risk Management|Safety|SECURITY|System|Systems|Technology|Training|Equipment|Infrastructure|Operations
Business|Defence|Energy|Environment|Gas|Industrial|Oil And Gas|Pipelines|Power|Risk Management|Safety|SECURITY|System|Systems|Technology|Training|Equipment|Infrastructure|Operations

Energy sector expects increase in cyberattacks, research shows

26th May 2022

By: Schalk Burger

Creamer Media Senior Deputy Editor


Font size: - +

New research published by risk management and quality assurance company DNV shows that energy executives anticipate life, property and environment-compromising cyberattacks on the sector within the next two years.

The ‘Cyber Priority’ report finds that 85% of professionals working in the power, renewables, and oil and gas sectors believe a cyberattack on the industry is likely to cause operational shutdowns and 84% expect damage to energy assets and critical infrastructure.

Three-quarters, or 74%, expect an attack to harm the environment, while 57% anticipate it will cause loss of life. Rising fears over new and more extreme consequences of cyberattacks follow a series of high-profile security breaches in the energy industry in recent years.

“Energy companies have been tackling information technology (IT) security for several decades. However, securing operational technology (OT), which is the computing and communications systems that manage, monitor and control industrial operations, is a more recent and increasingly urgent challenge for the sector,” says DNV cybersecurity MD Trond Solberg.

“As OT becomes more networked and connected to IT systems, attackers can access and control systems operating critical infrastructure such as power grids, wind farms, pipelines and refineries. Our research finds the energy industry is waking up to the OT security threat, but swifter action must be taken to combat it. Less than half (47%) of energy professionals believe their OT security is as robust as their IT security,” he adds.

The report explores the state of cybersecurity in the energy sector and is based on a survey of more than 940 energy professionals around the world and in-depth interviews with industry executives.

Six-in-ten C-suite level respondents to DNV’s survey said their organisation is more vulnerable to an attack than it has ever been. However, fewer than half, or 44%, of C-suite respondents believe they need to make urgent improvements in the next few years to prevent a serious attack on their business, and 35% of energy professionals say their company would need to be impacted by a serious incident before investing in their defences, the survey showed.

“Our research gives a strong signal that the industry needs to make urgent investments to ensure that cybersecurity does not become the cause of future damage to life, property and the environment,” Solberg says.

One explanation for some companies’ apparent hesitance to invest in cybersecurity may be that most respondents believe that their organisation has so far avoided a major cyberattack. Less than a quarter, at 22%, suspect their organisation has been subject to a serious breach in the past five years.

“It is concerning to find that some energy firms may be taking a ‘hope for the best’ approach to cybersecurity rather than actively addressing emerging cyberthreats. This draws distinct parallels to the gradual adoption of physical safety practices in the energy industry over the past 50 years,” he says.

Further, DNV’s research also indicates that concern about emerging threats has grown following Russia’s invasion of Ukraine, with two-thirds, or 67%, of energy professionals saying recent cyberattacks on the industry have driven their organisations to make major changes to their security strategies and systems.

Meanwhile, DNV recommends that the first step to strengthen defences is to identify where critical infrastructure is vulnerable to attack.

The ‘Cyber Priority’ report shows that, while many organizations are investing in vulnerability discovery, these efforts are not being sufficiently extended to include companies they partner with and procure from.

Just 28% of energy professionals working with OT say their company is making the cyber security of their supply chain a high priority for investment. This contrasts with the 45% of OT-operating respondents who say expenditure in IT system upgrades is a high investment priority.

“Our research identifies ‘remote access to OT systems’ among the top three methods for potential cyberattacks on the energy industry. We would urge the sector to pay greater attention to assuring that equipment vendors and suppliers demonstrate compliance with security best practice from the earliest stages of procurement,” said industrial cybersecurity company and DNV subsidiary Applied Risk founder and CEO Jalal Bouhdada.

Additionally, despite emerging cybersecurity threats, DNV’s research reveals that less than a third, at 31%, of energy professionals assert confidently that they know exactly what to do if they were concerned about a potential cyber-risk or threat on their organisation.

This finding points to a need for energy companies to invest in training employees to spot instances of criminal attempts to gain access to their systems and 57% of energy professionals say their employer’s cybersecurity training is effective, he says.

“A company’s workforce is its first line of defence against cyberattacks. Effective workforce training, combined with ensuring you have the right cybersecurity expertise in place, can make all the difference to safeguarding critical infrastructure.

“Our research shows a clear need for companies to carefully evaluate their investments in keeping their people well informed of how to identify and respond to incidents in a timely manner,” says Bouhdada.

Edited by Chanel de Bruyn
Creamer Media Senior Deputy Editor Online


Latest Multimedia

Photo of Martin Creamer
On-The-Air (21/06/2024)
Updated 1 hour 45 minutes ago By: Martin Creamer


Hanna Instruments Image
Hanna Instruments (Pty) Ltd

We supply customers with practical affordable solutions for their testing needs. Our products include benchtop, portable, in-line process control...

John Deere (Pty) Ltd
John Deere (Pty) Ltd

In 1958 John Deere Construction made its first introduction to the industry with their model 64 bulldozer.


Latest Multimedia

sponsored by

Magazine round up | 21 June 2024
Magazine round up | 21 June 2024
21st June 2024
Corobrik sets out plans for its Rietvlei operations
Corobrik sets out plans for its Rietvlei operations
19th June 2024

Option 1 (equivalent of R125 a month):

Receive a weekly copy of Creamer Media's Engineering News & Mining Weekly magazine
(print copy for those in South Africa and e-magazine for those outside of South Africa)
Receive daily email newsletters
Access to full search results
Access archive of magazine back copies
Access to Projects in Progress
Access to ONE Research Report of your choice in PDF format

Option 2 (equivalent of R375 a month):

All benefits from Option 1
Access to Creamer Media's Research Channel Africa for ALL Research Reports, in PDF format, on various industrial and mining sectors including Electricity; Water; Energy Transition; Hydrogen; Roads, Rail and Ports; Coal; Gold; Platinum; Battery Metals; etc.

Already a subscriber?

Forgotten your password?







sq:0.489 0.547s - 172pq - 2rq
Subscribe Now