UK Firms Flag Cybersecurity Fears Over Energy Sector

Two-thirds (65%) of UK businesses are worried about cyber threats in the energy sector which could lead to damaging privacy breaches or even service outages, according to new data from PwC.

The global consultancy polled 500 UK enterprises and found over half (51%) are concerned their data isn’t being handled securely enough by their provider.

This is especially concerning given the increasingly data-driven nature of the sector, with the focus on smart energy systems designed to reduce energy costs and cut carbon emissions.

In total, 57% of businesses, and nearly 70% of those operating in industrial sectors, would switch supplier if their energy provider suffered a data breach, the report claimed.

PwC power and utilities lead, Steve Jennings, said energy companies needed to do more to reassure their clients of their investment in advanced and effective cybersecurity.

“Against a backdrop of technology innovation, privacy regulation, and the growing adoption of the Internet of Things, it’s perhaps not surprising that UK businesses are concerned about cyber threats,” he argued in a statement.

“With cyber-criminals able to turn off the supply tap as well as monetize data from energy firm’s customer and employee digital records, the risk is clear and cannot be ignored.”

Some of the most serious cyber-attacks on the energy sector in recent memory have been those directed at Ukrainian power stations, causing widespread outages in the country in December 2015 and 2016.

PwC also warned that by targeting suppliers, cyber-spies could also work their way inside corporate networks to find sensitive data and IP.

The value of hitting the supplier in this case is that they can infiltrate many organizations through only a few targets.

The consultancy urged energy firms to vet their third-party suppliers more rigorously, to limit the number of devices allowed to connect to their ecosystem, and to ensure all data is protected with strong encryption.

The coming General Data Protection Regulation (GDPR) will also add extra urgency to reviews of incident response plans, PwC added.

What’s Hot on Infosecurity Magazine?