New research published by DNV reveals that the energy industry is ramping up its cyber security spending this year in response to heightened geopolitical tensions and the rapid adoption of digitally connected infrastructure
The study, which surveyed 600 energy professionals, highlights growing concerns over the sector's vulnerabilities to emerging cyber threats.
According to the findings, a majority of respondents (59%) state that their organisations are investing more in cyber security in 2023 compared to the previous year. This increased investment reflects the industry's acknowledgment that cyber-attacks are not a matter of ‘if’ but ‘when’. In fact, two-thirds (64%) of the respondents believe that their organisation's infrastructure is now more vulnerable to cyber threats than ever before, attributing this vulnerability to the prevailing geopolitical tensions.
DNV's research report, Energy Cyber Priority 2023: Closing the gap between awareness and action, reveals a growing maturity in the energy industry's understanding of cyber risks. Six in ten industry professionals confirm that cyber security has become a regular agenda item in the boardroom discussions, while a majority (77%) report that it is treated as a business risk within their organisations. The research also emphasises the critical role of cyber security in enabling digital transformation initiatives, with a staggering 89% of energy professionals considering it a prerequisite for the industry's future.
Ditlev Engel, CEO of energy systems at DNV, said, "Cyber security is critical for the energy industry, for the industry's digital transformation, and for the acceleration of the energy transition." He further emphasises the interconnectedness of safety, security, and the deployment of clean energy technologies required to meet the goals of the Paris Agreement.
Despite the increased awareness, maturity, and investment in cyber security, the research reveals that less than half of the energy professionals believe their organisations are investing enough. Only one in three expressed confidence in their organisation's investments in securing their operational technology (OT).
Geopolitical uncertainty has played a significant role in raising awareness about the potential vulnerabilities in OT. Energy professionals are increasingly conscious of the potential for cyber criminals to cause operational shutdowns and disable safety systems, leading to a greater focus on OT security. Jalal Bouhdada, global segment director of cyber security at DNV, commented, "Some in the industry don't think an attack is something that will happen specifically to them, and they don't dedicate enough budget and resources."
To unlock increased budgets for cyber security, energy professionals point to regulation as the primary driver, followed by the occurrence of a cyber incident or near miss. The industry must prepare to comply with new, stricter cyber security requirements in the coming years, as authorities urge energy businesses to enhance their resilience against emerging threats.
Another significant challenge highlighted in the research is the shortage of cyber security skills and the need for effective collaboration. Energy professionals expressed concerns about their organisations' ability to recruit and retain talent to protect against cyber security threats. Communication and collaboration between cyber security professionals and operational teams, as well as with top-level executives, remain areas that require improvement. Bridging this ‘cyber-perception gap’ and fostering better collaboration is crucial for strengthening the security of energy assets and infrastructure.
From the report, DNV recommends energy organisations take the following actions:
• Step up efforts to enhance cyber security
• Build cyber maturity
• Improve communication and collaboration
• Build capacity and unlock resources
• Prepare for new regulation.
