Why energy firms struggle with cybersecurity
Structural challenges were amongst the hurdles in addressing cybersecurity.
Energy companies are grappling with cybersecurity issues as only 35% say they are well-positioned to take on cybersecurity threats, lower than the 48% reported in all other industries.
In a report, EY also found that only 22% are satisfied with their non-IT employees’ adoption of best practices.
Energy firms were compelled to transition to more distributed networks including the Internet of Things due to the renewable energy shift. This helps them identify vulnerabilities and develop key controls such as privileged access management, threat detection and response.
However, EY said that the sector faces major structural challenges, citing global oil and gas firms that have localised cybersecurity standards and regulations.
It added that there is also a challenge in the efficient collaboration between cybersecurity functions with plant managers who control operational assets.
Original equipment manufacturers and legacy operation technology environments also pose challenges to change.
“The energy industry has ramped up investment in cybersecurity in recent years. Its status as critical national infrastructure has led to tightening regulatory and compliance pressures to ensure resilience against attacks and failures,” Clinton Firth, EY Global Cybersecurity Lead, Energy, said.
The sector is leaning more towards a “wait until technology is tried and tested” approach compared to other industries. Energy firms’ biggest internal cybersecurity challenge is not prioritising emerging technology integration.
Alam Hussain, EY EMEIA Cybersecurity Leader, also noted that a number of energy firms are investing similar amounts in cyber to financial services “but they have more fragmented IT environments.”
“Energy companies are spider-like. It’s difficult to put in solutions that cover all areas of cyber risk,” he added.