In a DNV survey of 601 energy professionals for its latest Cyber Priority report, 89% deemed cyber security essential for digital transformation. Without robust measures, the sector risks missing out on the benefits of digitalization and on the opportunities in the evolving energy landscape.
VULNERABILITIES AT EACH STEP
With new energy forms still largely in the relatively early stages of maturity, they have not had the same exposure to cyber risks that the oil and gas industry has perhaps experienced. While 63% of oil and gas professionals say their organization has good oversight of the cyber security vulnerabilities in their supply chain, that number drops to 54% for those working in electric power, renewables, and grid infrastructure. However, many of the challenges they face aren’t new, and history often repeats itself, especially when companies move quickly in emerging or competitive markets.
According to DNV research, energy professionals consider the supply chain one of the top five challenges for cyber security. In other words, having your own house in order only goes so far, and companies must also take steps to ensure that their suppliers adhere to strict protocols.
There is growing awareness around this threat but tackling it is not high on the priority list for many organizations. A further study of OT and IT practitioners across industries by Applied Risk, a DNV company, found that just 27% of companies do due diligence on new suppliers, despite this being a major potential area of vulnerability—possibly providing an easy ‘back door’ to cyber threats.
Generally, investment is also lagging. Fewer than half (42%) of those surveyed think their organization’s current level of investment is sufficient to ensure the resilience of their assets. Just one in three expressed confidence in their company’s investment in OT cyber security. Clearly, despite the optimism beginning to be felt across the industry, there is still progress to be made in building robust defenses.
Despite these challenges, there is recognition that cyber risk is an ever-growing threat that must be taken seriously. Indeed, 71% of respondents said that their organization takes cyber security as seriously as it takes physical health and safety.
WHAT’S NEXT?
Cyber security breaches are a case of when, not if. As threat actors evolve and become more creative in their methods of attack, staying at the forefront of defensive practices is essential for offshore companies.
One positive outcome from the research is that 73% of power and renewables professionals say that cyber security is incorporated in the early phases of new energy infrastructure projects. Together with the corresponding result of 55% in the oil and gas industry, it suggests that a new culture is taking shape where resilience is built in from the start.
New regulations, including the imminent EU NIS2 guidelines that require member states and those working within them to adopt a stricter cyber stance, also pose significant challenges for organizations, particularly those in critical-infrastructure sectors such as energy. Similar regulations are also being released in other countries. Other cyber security regulations, such as the Cyber Resilience Act and the Machinery Regulation, are anticipated in the EU, and they will have a direct or indirect effect on offshore companies as well as their suppliers.
Offshore operators should consider investing in cyber security now to manage risks, meet compliance standards and expectations from all stakeholders, and potentially even gain a competitive advantage. Given the accelerating energy transition and the growing risks of cyber-attacks in every sector, ever-stronger cyber security resilience is crucial for safety, environmental and financial performance.
This story was originally featured in ON&T’s May issue.