Energy leaders face escalating ransomware and phishing threats

Energy leaders face escalating ransomware and phishing threats

Bridewell research reveals ransomware has caused revenue loss to nearly half of energy leaders.

Almost half (47%) of businesses in the energy sector have suffered from loss of revenue from downtime as a result of a ransomware attack in the past 12 months. 

This is according to the latest research by Bridewell, which has surveyed 521 staff responsible for cybersecurity at UK CNI organisations encompassing civil aviation, energy, transport, finance and central government.  

The dual attack threat 

Ransomware attacks have significant implications for the energy industry, with 45% of respondents admitting they have suffered disruption to their operations as a result of an attack. Downtime not only raises the risk of disrupting critical electricity and gas operations but can even threaten livelihoods in the process. 

In addition to the growing ransomware threat, phishing attacks are also widespread, averaging 14 incidents per year. The dual threat is putting immense pressure on the industry to enhance its cyber defences and response strategies. 

Delayed response 

Given these significant consequences, the sector is struggling to react quickly to cyber incidents and mitigate the damage they cause. While phishing attacks are dealt with in an average timeframe of 8.99 hours, ransomware responses take 14.84 hours and nation-state attacks take as much as 18.77 hours on average to respond to. These are particularly dangerous threats for the sector due to the societal and economic damage that can be inflicted from downtime. 

Future-proofing energy 

Despite these concerns, energy organisations are actively enhancing their cybersecurity measures. Almost every energy organisation (94%) is now leveraging AI-driven tools, including AI-enhanced data loss prevention and endpoint protection. In another promising development, energy organisations expect to spend more on IT security than last year. Half (51%) say that their outlay will increase on 2023’s figure. 

“The energy sector’s role in global economies and society as a whole makes it a particularly vulnerable industry,” said Anthony Young, Chief Executive Officer of Bridewell. “But ransomware and phishing attacks are having a detrimental impact, and lengthy response times are only adding to the damage caused. With nation-state attacks also posing a significant threat, the sector must fortify its cyber defences with incident response and reporting, defined risk management practices, regular audits and training programmes to futureproof its operations.

“It’s promising that the sector is already adopting AI-driven solutions and planning to invest more in cybersecurity in order to protect itself,” added Young.

Browse our latest issue

Intelligent CISO

View Magazine Archive