The Energy/Power (E/P) sector’s speed of digitalization is outpacing its building of cyber defense capabilities and adaptation of overall risk management strategies. In the report, Winning the Cyber Risk Challenge, Marsh & McLennan Advantage Insights analyzes the Marsh Microsoft 2019 Global Cyber Risk Perception Survey to explore the latest cyber trends in the transitioning E/P landscape and propose strategies to proactively measure and manage cyber risks. Marsh is an affiliate of Guy Carpenter.
Many organizations in the E/P sector are now facing two overarching challenges that are shifting the threat landscape.
Internal Challenge: Digitalization in the sector is outpacing its cyber defense capabilities
While digital transformation is positively reshaping the sector by reducing operational costs, improving profitability, and enabling faster and more effective decision-making; it also introduces a new set of risks to be managed, such as weaker security baselines and the use of potentially insecure data storage systems and data communication.
While cloud computing is perceived to have the greatest business benefit by respondents (65 percent) in the sector, the perceived level of cyber risk associated with it among respondents is higher than for most other technologies (26 percent), due to potential weaknesses in program interfaces and outside access to data.
While the sector is aware of the risks, there are concerns that it is not adequately equipped to deal with cyber threats – or perhaps overconfident in its ability to do so. When compared to the cross-industry average, respondents from the E/P sector are more confident in understanding and mitigating cyber risks but are just as insecure when it comes to recovering from cyber incidents.
External Challenge: E/P organizations are increasingly targeted by sophisticated cyber attackers
Both publicly and privately-owned E/P organizations have become prime targets for criminals and hostile governments. In many cases, the ability to disrupt enemies by bringing down the systems on which they depend has become a more central part of their strategy than conventional warfare. As such:
- 60 percent of respondents are highly concerned about the potential harm that a nation-state cyberattack could have on their business
- 53 percent agree that governments need to do more to help protect E/P organizations against nation-state cyber-attacks