fbpx
Client Login

Stay Updated

Subscribe to the INSURICA blog and receive the latest news direct to your inbox.

Subscribe to the blog

Cyber Attack Resilience in Oil and Gas

The energy sector is no stranger to a cyber attack. For many American families and businesses, the most personally disruptive incident in recent memory came in May 2021 with the ransomware attack that shut down the Colonial Pipeline, a major U.S. oil and gas pipeline responsible for supplying nearly half of the East Coast’s petroleum.

With industrial device connections expected to reach 37 billion by 2025, digitization is rapidly transforming the oil and gas industry from a commodity-based business run on analogue equipment into an automated, remote-controlled and artificial intelligence (AI)-driven industry that makes risk-based decisions with internet-like speed. This rapid pace of digitalization comes at a cost, however; as oil and gas companies digitize operations, they simultaneously expose their companies to cyber risks.

Malicious actors increasingly view the energy industry as a ripe target to launch cyberattacks for financial, criminal or geopolitical gain. Recent studies from IBM indicate, the volume of attacks against operational technology-connected assets increased over 20 times from 2018 to 2019. Further studies from the IBM Security and Ponemon Institute show the average energy sector data-breach cost has risen more than 13% since 2019, to $6.39 million – a higher cost than the global average of $3.86 million.

To prepare for the new normal of more frequent and sophisticated cyber attacks on energy and critical infrastructure, energy sector CEOs and corporate board members must take the best practices and key lessons learned from a decade of both successfully addressing – and learning from – the failures of addressing cyber risk.

The World Economic Forum (WEF) boils down current best practices principles in a useful publication titled Cyber Resilience in the Oil and Gas Industry: Playbook for Boards and Corporate Officers. Oil and gas industry leaders looking to address cyber attack risks will find guidance on how to implement key recommendations within their organizations and how to level up security practices throughout the value chain and the broader energy ecosystem.

The WEF’s six cyber resilience principles for oil and gas infrastructure are drawn from the shared real-world experience of leading companies in the oil and gas sector, to include:

  1. Cyber resilience governance – Cybersecurity efforts count on broad participation within an organization. Aligning efforts and setting clear accountability are fundamental to success.
  2. Resilience by design – Including cybersecurity as a design parameter and as part of corporate culture helps improve outcomes.
  3. Corporate responsibility for resilience – Recognizing that sophisticated, frequent threats are likely to continue or escalate, organizations should be examining their cyber risks, and taking responsibility for managing those risks.
  4. Holistic risk management approach – As with other risks, managing a cyber attack requires a mandate, funds, resources and accountability. In the oil and gas sector, it’s especially important to discover and mitigate risks to all parts of the value chain, so that one weak link doesn’t bring production to a halt.
  5. Ecosystem-wide collaboration – Weak links in defenses may lie outside of an organization. Intentional efforts to share cyber threat information, use best practices and improve cybersecurity maturity across the whole sector help industry-wide stability.
  6. Ecosystem-wide cyber resilience plans – Recognizing that a cyber attack could continue to occur, organizations should build resilience plans to help mitigate damage from those that succeed in whole or in part. Cybersecurity exercises enable defenders to test and improve defenses – including how they will cooperate with other industry partners.

Oil and gas sector leaders will need to build cyber resilience into their organizations and partnerships to continue providing reliable, timely fuel deliveries to their customers in a future full of cyber threats.

For more information on protecting your business from a cyber attack, explore more cyber topics on our blog or contact INSURICA today.

About the Author

Adam Ewing
Adam Ewing
INSURICA Content Creator

Share This Story

Keep up to date

Subscribe to the INSURICA blog and receive the latest news direct to your inbox.

Subscribe to the blog

Related Blogs

Hot Work Hazard Prevention for Oil Field Workers

September 21st, 2022|Blog, Energy, Safety Tips|

“Hot work” refers to any task that involves burning, welding, or the use of fire- or spark-producing tools, or actions that generate sources of ignition. On an oil job site, there are numerous potential hazards, including well heads, fuel tanks, mud tanks, tank batteries, gas separators, and oil treaters.

Cyber Attack Resilience in Oil and Gas

September 19th, 2022|Blog, Energy, Safety Tips|

The energy sector is no stranger to a cyber attack. For many American families and businesses, the most personally disruptive incident in recent memory came in May 2021 with the ransomware attack that shut down the Colonial Pipeline, a major U.S. oil and gas pipeline responsible for supplying nearly half of the East Coast’s petroleum.

Considering the Risks of Wind Energy Projects

September 18th, 2022|Blog, Energy, Safety Tips|

As the shift to alternative sources of energy continues to be a topic of utmost relevance, investments in wind energy have become increasingly prevalent. While the energy source receives a great deal of attention, it also entails a complicated combination of risks, both financial and commercial. If you are considering wind farms as a potential investment, take the following factors into account to ensure that you have an ample risk management plan for this complex and largely unexplored territory.

Go to Top