Achieving cybersecurity maturity in the energy sector is a work in progress, new research from DNV has indicated.

The study, based on a survey of almost one thousand energy professionals across the world, has revealed that most believe a major incident is probable within the next two years and most likely to cause operational shutdowns and damage to assets, harm to the environment or loss of life. Notably two-thirds acknowledged that the shock of recent cyber incidents, such as the 2021 ransomware attack on the Colonial pipeline, has driven them to make major changes to their security strategy and systems. However, despite the anticipation of a serious incident, they seem less likely to believe their own organisation will be affected by the most extreme, life threatening consequences with fewer than one quarter describe this or environmental damage as a top concern.

From their perspective, the greatest concern of an attack is disrupted services and operations, cited by over half, while other top concerns include reputational damage, data loss or corruption and financial losses due to theft or other causes such as lost opportunities. In terms of threat actors, hacktivists and foreign powers and state sponsored actors are the most concerning and competitors of least concern.

Cybersecurity challenges

Based on the survey findings, DNV identifies four key challenges, of which one is a ‘wait and see’ effect, which is holding back overall progress. Still, one-third said their organisation would need to be impacted by a major incident before it would spend any more time or money on its defences. Another is what DNV refers to as the ‘air gap’ between OT and IT closing fast, but fewer of the […]

Image: 123rf