Cyber-attacks are a top-tier security threat agnostic to company size, energy segment and location.
Cyber-attack risk-mitigating strategies span the dialogue and actions of C-Suites and boards; they crisscross business units, transportation, supply chains and field operations. Evaluating cyber-attack risk as a contingent liability is now a major factor in M&A decisions.
How prevalent are cyber-attacks?
They're accelerating globally at alarming rates:
- Comparing Q3 2022 with Q2 2022, user-account cyber breaches increased 70% globally
- Software supply-chain attacks increased by 742% in the last three years
Why do cyber threats continue to grow?
First, as technology becomes more powerful and efficient, the cyber threat to businesses grows in lockstep. Advances in processing power and technological complexity create enhanced capabilities for bad actors and more opportunities for exploitation.
Second, the complex, ever-increasing number of entry points for bad actors to attack. Energy companies gain value from data across business units and supply chains using internal and external IT sources. Value is further enhanced by data from field, transportation and related operational technologies (OT) gained via Industrial Internet of Things devices, smart sensors and traditional OT deployments.
The reason that the energy industry is a high value target for cyber-crime is because of its major role in global commerce. Reciprocally, industry disruption is equally major. There are 16 critical infrastructures in the U.S., many of which are directly energy related. Energy disruption has consequences to most, if not all 16.
Cyber risk factors to consider:
- Cyber ranked as the top enterprise risk with upward trends
- Globally, there are 3.4 million unfilled cyber security jobs; more than 82,000 are in Texas alone
- It takes an average of 287 days to detect and contain a cyber breach
- Financial risk is increasing via stiffening privacy laws that span countries, continents and states
How can organizations address cyber risk?
Be proactive; think resilience. Lowering a company's cyber risk is not a one and done box to check; it's an ongoing journey of risk mitigation and risk transfer.
Start with raising cyber awareness; one doesn't know what one doesn't know. If a business is unaware of its current risk threat, it can't map a journey to desired outcomes.
Amateur attackers are scanning for easy targets. There are low-cost options for companies that identify and offer guidance to close discoverable gaps in protection. This can lower a company's cyber risk. This is also a precursor to improving a company's cyber risk transfer, i.e. cyber insurance. In fact, removing identified gaps in protection is now a minimum requirement for securing cyber insurance.
In conclusion, raising the awareness of a company's particular cyber threats gives it a more clearly defined strategy for mitigating and transferring the risk.
For more information, visit higginbotham.com.
