Are Energy Companies Ready for the Cybersecurity Challenges Ahead?

The energy sector is increasingly recognizing cybersecurity as a critical component of business risk management. With the rise in cyber threats, energy companies are ramping up their investments in cybersecurity to safeguard their operations. This article explores the current state of cybersecurity within the energy sector, highlighting key trends, challenges, and strategies for improvement. The shift in attitude towards cybersecurity is driving companies to enhance their protective measures and allocate more resources to securing their infrastructure against cyber-attacks.

Growing Recognition of Cybersecurity Risks

Energy companies are now prioritizing cybersecurity at the highest levels of their organizations. The recognition of cybersecurity risks is influencing strategic decisions, leading to a significant increase in investment in cybersecurity measures. According to research by DNV Cyber, two-thirds of energy professionals report that their leadership considers cybersecurity the greatest current risk to their business. This heightened awareness is not only reflected in the boardrooms but also in the way resources are being allocated, with over two-thirds expecting their companies to boost their cybersecurity budgets this year.

The “Energy Cyber Priority” report underscores the progress made by energy companies in enhancing their cybersecurity measures. A major factor contributing to this progress is the heightened awareness of cyber threats at the leadership level. Approximately 78% of energy professionals express confidence that their leaders understand cyber risk adequately. This understanding is crucial as it translates into strategic actions and investments aimed at fortifying the company’s cybersecurity posture. Moreover, this awareness is complemented by increased employee training, with over eight in 10 employees knowing the exact steps to take when faced with a potential cyber threat.

Focus on Operational Technology (OT) Cybersecurity

Operational technology (OT) cybersecurity is drawing increasing attention. OT systems manage, monitor, and automate physical assets, which poses unique security challenges and makes them major targets for cyber-attacks. Two-thirds of energy professionals foresee greater investment in OT security in the coming year. The energy transition, characterized by a substantial push towards digital technologies, has expanded the industry’s attack surfaces, introducing new vulnerabilities. This shift is crucial for modernizing infrastructure but also necessitates enhanced protective measures to counter evolving cyber threats.

The integration of digital technologies crucial to the energy transition has broadened the exposure to cyber risk due to increased use of sensitive data, greater reliance on third-party tools, and interconnected environments that enable hackers to infiltrate from one system to another. Ditlev Engel, CEO of Energy Systems at DNV, emphasizes that cybersecurity is fundamental to achieving climate goals and ensuring energy security in a hostile and uncertain geopolitical landscape. The interconnected environments introduce risks that require holistic cybersecurity strategies to protect against sophisticated and increasingly frequent cyber-attacks.

Challenges in the Energy Transition

Despite substantial efforts, challenges persist in the energy transition that necessitate accepting additional cyber risks as a trade-off for innovation. This perspective is shared by 49% of surveyed energy professionals, highlighting the complexity of balancing technological advancement with security. Growing geopolitical tensions have further heightened the focus on cybersecurity, with three-quarters of respondents reporting increased attention due to these tensions. Concerns about foreign-directed attacks have risen significantly, with 72% expressing apprehension compared to 62% in 2023. This shift signifies a pressing need for more sophisticated cybersecurity measures to combat increasing threats.

Additionally, worries about threats from cyber-criminal gangs have surged, with 79% concerned in 2024, up from 50% in 2023. Concerns about malicious insiders have also increased from 51% in 2023 to 62% this year. These figures underscore the evolving nature of cyber threats that energy companies face, requiring a dynamic and proactive approach to cybersecurity. Auke Huistra, Director of Industrial and OT Cybersecurity at DNV Cyber, notes that the energy industry’s maturation in cybersecurity must continue to evolve to counteract increasingly sophisticated threats. The threats include supply chain attacks, recruitment of malicious insiders, and the use of AI by adversaries, all of which necessitate robust, multi-layered cybersecurity frameworks.

Addressing Key Cybersecurity Challenges

DNV Cyber’s report, “Energy Cyber Priority 2025: Addressing Evolving Risks, Enabling Transformation,” identifies five principal challenges for energy companies to overcome. These include securing physical infrastructure, addressing complex cybersecurity supply chains, enhancing employee vigilance, embedding new skills in the workforce, and embracing AI. The connection between physical infrastructure and modern IT architectures introduces new vulnerabilities that threat actors exploit. More than two-thirds of energy professionals believe their organizations are more vulnerable to OT cyber events than ever before, up from 64% in 2023. Furthermore, over half acknowledge that their OT defenses lag behind their IT defenses, highlighting the need for improved OT cybersecurity measures.

The incorporation of robust security measures across both OT and IT systems is vital for defending against cyber threats. Supply chain security is another critical area of concern as threat actors target suppliers to gain access to large assets. About half of energy professionals indicated that cybersecurity issues are generally included in procurement requirements and processes. However, only 16% have strong confidence in their organization’s ability to demonstrate full supply chain visibility and identify vulnerabilities. Additionally, over a third suspect undisclosed breaches among their suppliers, emphasizing the need for comprehensive and transparent supply chain security measures to mitigate potential risks.

Supply Chain Security and Employee Vigilance

Supply chains, being an integral part of energy companies’ operations, present significant cybersecurity challenges. Threat actors target suppliers to gain access to large assets, making it imperative for companies to include cybersecurity issues in procurement requirements and processes. About half of energy professionals report that cybersecurity issues are generally addressed during procurement. However, only 16% have strong confidence in their organization’s ability to demonstrate full supply chain visibility and identify vulnerabilities. Over a third of energy professionals suspect undisclosed breaches among their suppliers, highlighting the complexities and hidden risks within supply chains.

Employee vigilance plays a crucial role in strengthening a company’s cybersecurity defenses, though it remains challenged by evolving adversary tactics. Seventy-six percent of energy professionals worry that their cybersecurity training is insufficient to counter increasingly sophisticated attacks. Skill gaps also pose a challenge, with 46% identifying a lack of talent as a significant barrier to securing their organizations. Continuous training and upskilling of employees are essential to ensure they are equipped to detect and respond to advanced cyber threats. Creating a cybersecurity-aware culture within the organization is vital for enhancing overall security posture.

The Role of AI in Cybersecurity

The energy sector is increasingly viewing cybersecurity as a vital part of business risk management. As cyber threats continue to grow, energy companies are significantly increasing their investments in cybersecurity measures to protect their operations. This article delves into the current status of cybersecurity within the energy industry, emphasizing important trends, challenges, and strategies for enhancement. The evolving mindset towards cybersecurity is prompting companies to bolster their protective mechanisms and allocate additional resources to secure their infrastructure from cyber-attacks.

The rising frequency and sophistication of cyber threats are reshaping how energy firms approach their security frameworks. Recognizing the potential for substantial financial and reputational damage, companies are prioritizing cybersecurity alongside traditional operational concerns. Common strategies being deployed include advanced threat detection systems, staff training programs focused on cybersecurity awareness, and collaborations with cybersecurity experts. By implementing these measures, the energy sector aims to build a more resilient defense against the constant threat of cyber-attacks, ensuring the continuous and safe operation of their crucial infrastructures.
