The threat of an industrial cyber risk on energy companies is rising, the risk of a breach coming from circumstances outside of their control is growing and their own security measures require a boost.
These are a few initial findings from a survey of oil and gas executives in the Middle East, conducted by Siemens and Ponemon Institute. Siemens will release the full study next February. This second collaboration between Siemens and the Ponemon Institute consisted of a survey of the Middle East field personnel and executives responsible for securing or overseeing cyber risk.
A significant theme from the research is the view that cyber risk has become greater in companies’ operational technology (OT) than in their informational technology (IT) environment. In fact, industry research confirms that OT has become a growing target, now comprising 30% of all cyber-attacks. In the Middle East region alone, 50% of all cyber-attacks are directed against the oil and gas industry. These attacks have a major impact on productivity, uptime, efficiency and safety.
Sixty percent of all cyber breaches in the region stem from malicious actors rather than human error, the study also reveals. Many of these are increasingly sophisticated state-sponsored cyber-attacks that create an especially heightened risk profile. Another takeaway from the study showed that 19% of the region’s oil and gas companies rated themselves as relatively slow in implementing adequate cyber security measures, compared with 13% in the rest of the world. Similarly, only 17% saw themselves as leaders, compared to 22% among global counterparts.
“Today’s accelerating digitalisation, the convergence of IT and OT, more frequent and sophisticated cyber-attacks, and an energy sector in the crosshairs, led Siemens and the Ponemon Institute to delve into the cyber readiness of the oil and gas industry,” said Leo Simonovich, vice president and global head, industrial cyber, Siemens.
“Attackers have identified this convergence of IT and OT as a key opportunity to penetrate an organisation. As a result, an emerging trend of cyber-attacks is designed to disrupt physical devices or processes used in operations. In a digital environment, industrial cyber is the new risk frontier,” added Simonovich.
The Middle East-focused study is a follow-up to a similar report conducted by Ponemon Institute earlier this year, examining the US oil and gas industry. That report revealed that nearly 70% of the US oil and gas cyber managers said their operations had experienced at least one security compromise within the past year, resulting in the loss of confidential information and OT disruption.