Energy Supply companies most vulnerable to cyber-attack says new report

Why are Energy Suppliers a target for cybercriminals?

In short, if you have something to sell or process data, then you have something to steal.

Energy suppliers process and utilise a vast wealth of data that is appealing to cybercriminals. The personal details of customers and their financial information are tempting targets for hackers.

Technology is playing an ever increasing role in the running of energy supply companies with virtually all utilising customer service and electronic billing systems. The increase in connectivity has created more attack vectors and in turn raised the threats faced.

Topping the Cyber Threat Ranking Table

According to the new Cyber Threat Ranking Table, the energy sector experienced median losses of over £100,000 within the last year and topped the table for the sectors most at risk.

The report shows that 84% of energy suppliers have a dedicated cybersecurity role in place but only 68% have a cyber insurance policy and the average budget allocated to security is 10% less than the national average seen in other sectors.

Often, a lower cybersecurity budget correlates with a higher number of security incidents.

Smaller energy suppliers are more likely to be attacked as hackers tend to seek out what they deem to be easy prey. A common issue found in cybersecurity is that smaller businesses think that their size will mean that will slip under the radar of criminals who they believe will want larger prizes. In reality, the opposite of that is true as hackers tend to seek out the easiest targets possible.

The Covid-19 pandemic has also increased the risk on energy suppliers as many have been forced to either furlough their staff or move to a working from home model which in itself raises a whole host of cybersecurity issues.

Companies are also more likely to understandably be focusing on other issues and could be putting the cyber risks on the back burner leaving them vulnerable.

Also read: Elexon hit by Cyber Attack

Continued investment in security

“While firms appear to be upping their game when it comes to cybersecurity at a global level, this is by no means uniform across sectors or countries.

The UK energy sector currently appears to be among the most vulnerable which, giving the growing intensity of criminal activity across the globe is a great concern. The high risk score associated with businesses in this sector highlights the importance of on going investment in cyber defences to help minimise vulnerability and improve overall cybersecurity resilience,” said Stephen Ridley, cyber underwriting manager at Hiscox UK.

Simple steps to reduce the risks

Effective cybersecurity doesn’t have to be overly expensive and the risks can be reduced by implementing some basic steps. These include -

• Patching – ensure you download and install the latest security patches when they’re released. A huge number of cyberattacks rely on businesses not having the latest patches installed.
• Cybersecurity awareness training for employees – cybersecurity isn’t just the responsibility of the IT department. As most cyber incidents begin through phishing emails , imagine if employees are trained and aware of what they look like. Instead of opening them and potentially compromising the organisation they’ll delete them; voila the threat has been eliminated.
• Keep your antivirus up to date – new variants and strains of malicious software (malware) are created every day, by ensuring your antivirus is kept up to date you will be protected from the latest versions.
• Backup your data – 2019 has seen a huge rise in Ransomware (malware that encrypts data and holds it hostage), to avoid disruption from this you should ensure you regularly backup your data.
• Plan – Do you know how to respond to a cyberattack? Making an incidence response plan is a vital component of being able to respond quickly and with the least amount of disruption. Regular drills and exercises will mean your business will know what to do should the worst happen.

There’s some excellent advice provided by the NCSC - https://www.ncsc.gov.uk/collection/10-steps-to-cyber-security/the-10-steps

Further Reading

Housing Associations appeal to Big Six Energy Suppliers to do more for vulnerable customers this Winter

Ofgem under pressure to deliver NetZero target but new report highlights the challenges

Halloween: The Most Haunted Power Stations in the World

Dyball Associates are proud to help new supply businesses successfully launch in the UK market.

Through our energy market consultancy services, and the software we’ve developed, we’re supporting new UK electricity and gas suppliers get set up and start supplying.

For more information on how to start and manage an energy company, get in touch with Dyball Associates today.