In May, cyber risk in the energy sector received global attention following a ransomware attack that caused the shutdown of the largest fuel pipeline in the US. The increasing frequency of cyber threats means organizations cannot ignore the implications that even a single event can have on their operations, or the economic and social jeopardy it may pose. In 2019, 65% of energy organizations found it difficult to keep pace with evolving cyber risks.[1] Three years on, the 2021 Global Risks Report by the World Economic Forum and Marsh, found that cybersecurity failure remains a top risk in terms of both likelihood and impact.
The scale, sophistication, and severity of cyber-attacks continue to evolve, driven by nation states, criminals, terrorists, hacktivists, and insiders. Digitalization in the energy sector and greater reliance on operational technology (OT) data broadens the interface between IT and OT, creating a dramatically larger attack surface for potential hackers. These operational transformations create opportunities and risks that must balance the benefits of digitalization and the need for cybersecurity. At a whole of system level, the interconnectivity and complexity of energy sector value chains increases the susceptibility of critical infrastructure to malfunction or sabotage, with a potential ripple effect and cascading impact.