Power and utilities companies are increasingly vulnerable to cyber attack. In the last twelve months, adversaries such as foreign nation-states and organised crime rings have become more adept at overcoming traditional barriers, giving rise to a spate of sophisticated – and damaging – security breaches.

Michael Rogers, director of the National Security Agency in the US, confirmed the obstacles facing power and utilities companies in a November 2014 interview with ABC News. Rogers revealed that the US Department of Homeland Security addressed 198 cyber incidents across critical infrastructure industries last year with 40% levelled at energy companies.

“The energy sector continues to bear the brunt of our country’s cyber-attacks because hackers recognise that the energy sector is our country’s Achilles heel” said Rogers.

But the sector’s appeal to online criminals is only one half of the equation. According to the 2015 Global State of Information Security Survey (GSISS 2015), an annual PwC report that incorporates responses from over 9,700 security, IT and business executives, the swift rise in cyber crime also stems from wide-scale attrition across strategies, processes and online security initiatives.


Global State of Information Security Survey 2015: power and utilitiesHere are the most important takeaways from GSISS 2015 – and what they mean for your ability to ward off threat.

Virtual attacks have gained real-world significance

If you’re a power and utilities company, it’s no longer wise to talk about cyber security in speculative terms. In fact, the industry has seen the average number of cyber crime incidents multiply a staggering six times over the previous year – the most dramatic increase across any sector. But although cyber attacks have lost their theoretical status, virtual criminals are being prevented from doing serious fiscal harm – respondents revealed that the financial fallout from virtual breaches lowered by 51% in the last twelve months.

A dip in security spending has eroded awareness of online crime

It’s common knowledge that security infrastructure requires sustained investment but PwC research has found that security spending has stalled at 4% or less of the  total IT budget in the last five years. The fact that businesses are tightening security spending even as they invest heavily in other areas suggest an unwillingness to see the link between a spike in cyber crime and the importance of robust processes and initiatives.

Former employees pose the most serious virtual threat

There’s a divide between myth and reality when it comes to the biggest proponents of virtual crime. The PwC report revealed that although attacks by foreign nation-states, organised criminals and hacktivists have the potential to wreak serious havoc, the most frequent cyber attacks come from current and former staff members. Despite this, it’s dangerous to ignore the fact that the number of more seasoned cyber criminals is on the rise worldwide – attacks that can be traced back to foreign nation-states increased twofold in 2013.

Businesses should embrace a risk-based approach to cyber security

Although responsiveness should play a starring role in an effective cyber security strategy, this isn’t always the case. The report revealed that the number of organisations that employed an overall information security strategy dropped to 70% this year, down from 79% in 2013 and that those that align their strategy to business imperatives comprised only 45%. However, power and utilities companies demonstrate an approach to cyber security that – at least partly – aims to mitigate risk. Sixty two percent say that their cyber security initiatives are closely aligned with the most profitable aspects of their business.

Ultimately, combining vigilance, awareness of security issues and increased investment can empower power and utilities companies to better address potential risk. As cyber attacks grow in scale and frequency, cyber security strategies are bound to rise to the challenge.

Visit the GSISS page to learn more about the PwC Global State of Information Security Survey.



Steve Ingram

Steve Ingram was previously the leader of PwC Australia’s Cyber practice.

More About Steve Ingram