Survey: Nearly 9 in 10 utilities say their cybersecurity measures miss the mark
HOUSTON, Feb. 15, 2017 An overwhelming majority (89%) of power and utility executives say their cybersecurity function does not fully meet their organization's needs, according to the EY Global Information Security Survey 2016-17.
That number continues to rise compared with last year (86% in 2015) as companies struggle to manage increased risk from growth in digital and connected devices.
Matt Chambers, EY Global Power & Utilities, Risk and Cybersecurity Leader, says:
"Cybersecurity efforts must evolve with advancing technology. The proliferation of digital devices and the convergence of operational technology (OT) and information technology (IT) environments are creating new efficiencies and business improvements but are also increasing the attack surface of power and utility companies. Now, with attackers casting their sights on bigger targets, critical infrastructure is more at risk than ever before."
Fifty-eight percent of survey respondents acknowledge they have recently experienced a significant cybersecurity incident. Employees were overwhelmingly considered to be the biggest source of attack with 84% of respondents listing careless employee actions as a threat. The majority (58%) of executives rated security awareness and training as a high priority.
Chambers says: "Power and utility companies are grappling with significant disruption in the sector and the security implications of digital transformation often gets lost. As a result, too many organizations only consider investing in cybersecurity after there is a large breach or if it's mandated rather than committing budget up front."
The majority (66%) of power and utility executives say budgets will increase over the next 12 months but it may not be enough. Thirty-nine percent of respondents say they need at least a 25% budget increase to achieve their desired level of risk tolerance. However, only 13% expect this magnitude of increase in funding.
Chambers says: "Protecting customers, employees and the wider community requires a robust program to sense, resist and react in the most effective way possible to different risk scenarios. Cybersecurity efforts often prioritize preventative controls – and it is important hygiene to protect the technology from standard threats – but that will be insufficient against a determined attacker. Utilities must invest in strengthening detect and response capabilities. Attacks to disrupt safe and reliable service are already occurring."
EY is a global leader in assurance, tax, transaction and advisory services. The insights and quality services we deliver help build trust and confidence in the capital markets and in economies the world over. We develop outstanding leaders who team to deliver on our promises to all of our stakeholders. In so doing, we play a critical role in building a better working world for our people, for our clients and for our communities.
EY refers to the global organization, and may refer to one or more, of the member firms of Ernst & Young Global Limited, each of which is a separate legal entity. Ernst & Young Global Limited, a UK company limited by guarantee, does not provide services to clients. For more information about our organization, please visit ey.com.
About EY's Global Power & Utilities Sector
In a world of uncertainty, changing regulatory frameworks and environmental challenges, utility companies need to maintain a secure and reliable supply, while anticipating change and reacting to it quickly. EY's Global Power & Utilities Sector brings together a worldwide team of professionals to help you succeed — a team with deep technical experience in providing assurance, tax, transaction and advisory services. The Sector team works to anticipate market trends, identify their implications and develop points of view on relevant sector issues. Ultimately, this team enables us to help you meet your goals and compete more effectively.
For more information, please visit ey.com/powerandutilities.
About the report
EY's 19th annual Global Information Security Survey captures responses from 1,735 C-suite leaders and IT executives and managers from most of the world's largest and most recognized global companies. Of this, 81 respondents identified as part of the Power & Utilities sector. The survey was conducted between June 2016 and August 2016.
Access the report at ey.com/powergiss.