A recent report by DNV Cyber reveals that energy companies are increasingly recognising cybersecurity as a critical concern, with 65% of energy professionals stating that their leadership views it as the greatest current risk to their business. The research indicates that more than 71% of these professionals anticipate increased investments in cybersecurity over the coming year.
The findings from the Energy Cyber Priority report highlight a growing awareness of cybersecurity at the leadership level, with 78% of professionals confident that their leaders understand cyber risks. Employee training has also seen improvements, as 84% of respondents know how to respond to potential cyber threats. Despite this progress, the energy sector faces ongoing challenges, particularly with the increasing complexity of operational technology (OT) security.
“Achieving the energy transition is central to society at large. The whole energy sector—companies and governments alike—are working together on this massive challenge,” said Ditlev Engel, CEO of Energy Systems at DNV. He noted that as the technologies driving the energy transition become more digital, they also introduce new cybersecurity risks.
The report underscores the dual nature of digital technologies; while they are essential for the energy transition, they also expand exposure to cyber threats. This includes a greater reliance on sensitive data and third-party tools, which can create vulnerabilities.
“Cybersecurity should be a priority for all players in the energy sector to achieve climate goals and guarantee energy security.” Ditlev Engel
The research highlights a shift in attitudes towards cyber risk, with 49% of professionals believing that organisations should accept additional cyber risk as a necessary trade-off for innovation. This sentiment is echoed by the fact that 75% of respondents reported increased focus on cybersecurity due to rising geopolitical tensions, and 72% expressed concern over potential attacks from foreign powers.
Auke Huistra, director of Industrial and OT Cybersecurity at DNV Cyber, emphasised the need for the energy sector to adapt to increasingly sophisticated threats. “Even as the energy industry becomes more mature in its cybersecurity posture, it must continue to strengthen and adapt to remain resilient against a growing number of threats,” he said.
The report identifies five key challenges that energy companies must address to enhance their cybersecurity efforts: securing physical infrastructure, managing complex cybersecurity supply chains, enhancing employee vigilance, embedding new skills in the workforce, and embracing AI technologies.
The growing interconnectedness of physical infrastructure and digital systems has heightened vulnerabilities, with 71% of professionals acknowledging that their organisations are now more susceptible to OT cyber events than ever before.
Additionally, concerns about supply chain vulnerabilities persist, with only 16% of professionals feeling confident about their organisation’s visibility into potential cybersecurity issues among suppliers.
As the energy sector navigates these challenges, the emphasis on robust cybersecurity practices becomes increasingly vital to safeguard against evolving threats and ensure the success of the energy transition.