How Utilities Can Strengthen Cybersecurity Amid Rising Cyberattacks


10/21/2024


In 2023, there were 2,365 cyberattacks affecting over 343 million individuals—about 10 million more than the U.S. population—according to Forbes Advisor. USA Today reports that by 2024, the cost of cybercrime is expected to hit $9.5 trillion, and by 2025, exceed $10.5 trillion. Additionally, by 2031, cyberattacks on businesses, governments, and devices are predicted to occur every two seconds. With data breaches costing an average of $4.5 million per incident, organizations can no longer afford to overlook the growing threat of cybercrime.
 
Alongside their efforts to address climate change, aging infrastructure, and environmental regulations, utility companies are also focused on safeguarding their systems from cyberattacks to ensure reliable services for their communities. While environmental challenges remain a priority, cybersecurity has become an essential part of their overall strategy.
 
With cyberattacks increasing in sophistication and frequency, utility companies must stay vigilant. A failure to do so could result in significant service disruptions and severe consequences for the communities they serve. The 2024 Black & Veatch Electric Report highlights the critical need for investment in both information technology (IT) and operational technology (OT) security. According to the report, 70% of respondents identify phishing attacks as their top IT concern, while ransomware and malware are the next most worrisome threats. For OT, malware (52%) and ransomware (47%) are the most feared, with cloud vulnerabilities concerning 35% of respondents.
 
Though no defense is impenetrable, utilities have many tools at their disposal to enhance their cyber defenses. However, the rapid increase in attacks on OT systems outpaces the maturity of many industrial cybersecurity programs. As systems become more automated and connected, they become more exposed to skilled cybercriminals, and many OT managers lack a complete understanding of their networks, further increasing vulnerability.
 
This leads to a significant issue: most utilities' cybersecurity measures are too immature to protect their OT assets adequately. Only 25% of respondents in the survey reported employing full-time cybersecurity staff, while around half have consulted external cybersecurity experts, leaving many without specialized protection. Alarmingly, 20% of respondents have never hired or consulted grid cybersecurity experts.
 
Despite this, there is some confidence in utilities' ability to withstand cyberattacks, with 70% of respondents expressing some level of confidence in their IT resilience and 71% expressing similar sentiments for OT. However, the real test lies in how quickly they can recover from an attack and minimize its impact.
 
As the energy landscape evolves and new regulatory standards emerge, utilities must do more than meet compliance requirements. While 18% of respondents believe compliance is the most critical factor in managing cyber risks, simply adhering to regulations is insufficient for real security. Compliance should not be confused with comprehensive protection, as many compliant organizations have still fallen victim to cyberattacks. Effective cybersecurity requires ongoing vigilance, regular updates, and rigorous testing of defenses to keep pace with evolving threats.
 
To illustrate, a home protected not just by a security alarm but also by gates, lighting, and warning signs is less likely to be targeted. The same holds in cybersecurity, where layered and robust defenses matter.
 