Twitter Facebook Google RSS
National Defense > Blog > Posts > Energy Sector Leaders Still Not Taking Cyber Threats Seriously, Survey Finds
Energy Sector Leaders Still Not Taking Cyber Threats Seriously, Survey Finds
By Christina Munnell

Companies and organizations in the energy sector remain vulnerable to cyber attacks, which could result in the loss of intellectual property and leave critical infrastructure prone to damage, according to a recently released study.

Many of the world’s utility, oil and gas, energy and manufacturing companies have immature cyber security programs, according to a survey sponsored by Unisys and conducted by the Ponemon Institute. It polled 599 info-tech executives in 13 countries. Most respondents reported that security programs in their companies were unorganized and ill-equipped to handle network and other kinds of computer intrusions.

“As the findings reveal, organizations are not as prepared as they should be to deal with the sophistication and frequency of a cyber threat or the negligence of an employee or third party. In fact, the majority of participants in this study do not believe their companies’ IT security programs are ‘mature,’” the report said.

Although IT security executives are aware of the threats to industrial control systems (ICS) and supervisory control and data acquisition systems (SCADA), the IT professionals in the organizations said their companies are not fully committed to preventing attacks. The companies included utilities, oil and gas companies and manufacturers of alternative energy products.

The data revealed that as a strategic priority, reducing the risk of cyber threats is low across the energy sector.

A majority of respondents — 57 percent — said they believed the cyber risks to ICS and SCADA systems have increased, yet only 28 percent ranked security as one of the top five strategic priorities for their organization.

Over the last 12 months, about two-thirds of these global industries claimed they have had at least one security compromise that led to the loss of confidential information or to the disruption of operations.

Negligent employees were a root cause of security breaches, the report said. And while insider threats are recognized as the greatest risk to cyber security, only 6 percent of the organizations said they trained their employees to spot such threats.

In general, network security professionals lack confidence in the ability of their organizations to combat these attacks. According to the survey, most leaders believe the IT security programs at their organizations are stuck in the middle stages of maturity. Unisys defines the “middle stage” as having IT security program activities clearly defined, but only partially deployed.

Fewer than 20 percent said IT security programs at their respective organizations were fully deployed.

Many enterprises had few resources for addressing the dangers of cyber attacks — either by design, lack of experience, or budget constraints, the study said. The writers of the report suggested that unwillingness to allocate resources would continue until the world suffered a major cyber incident.

To reduce attacks, the report proposes that companies implement more agile and non-disruptive security networks and enforce user credentials policies.
Photo Credit: Thinkstock


There are no comments yet for this post.
Items on this list require content approval. Your submission will not appear in public views until approved by someone with proper rights. More information on content approval.

Name: *

eMail *

Comment *



Name: *

eMail *

Comment *


Please enter the text displayed in the image.
The picture contains 6 characters.

Characters *


Legal Notice *

NDIA is not responsible for screening, policing, editing, or monitoring your or another user's postings and encourages all of its users to use reasonable discretion and caution in evaluating or reviewing any posting. Moreover, and except as provided below with respect to NDIA's right and ability to delete or remove a posting (or any part thereof), NDIA does not endorse, oppose, or edit any opinion or information provided by you or another user and does not make any representation with respect to, nor does it endorse the accuracy, completeness, timeliness, or reliability of any advice, opinion, statement, or other material displayed, uploaded, or distributed by you or any other user. Nevertheless, NDIA reserves the right to delete or take other action with respect to postings (or parts thereof) that NDIA believes in good faith violate this Legal Notice and/or are potentially harmful or unlawful. If you violate this Legal Notice, NDIA may, in its sole discretion, delete the unacceptable content from your posting, remove or delete the posting in its entirety, issue you a warning, and/or terminate your use of the NDIA site. Moreover, it is a policy of NDIA to take appropriate actions under the Digital Millennium Copyright Act and other applicable intellectual property laws. If you become aware of postings that violate these rules regarding acceptable behavior or content, you may contact NDIA at 703.522.1820.



Bookmark and Share