An overwhelming majority (89%) of power and utility executives say their cybersecurity function does not fully meet their organization’s needs, according to the EY Global Information Security Survey 2016-17.
That number continues to rise compared with last year (86% in 2015) as companies struggle to manage increased risk from growth in digital and connected devices.
“Cybersecurity efforts must evolve with advancing technology,” Matt Chambers, EY Global Power & Utilities, Risk and Cybersecurity Leader, said. “The proliferation of digital devices and the convergence of operational technology (OT) and information technology (IT) environments are creating new efficiencies and business improvements but are also increasing the attack surface of power and utility companies. Now, with attackers casting their sights on bigger targets, critical infrastructure is more at risk than ever before. Protecting customers, employees and the wider community requires a robust program to sense, resist and react in the most effective way possible to different risk scenarios.”
Fifty-eight percent of survey respondents acknowledge they have recently experienced a significant cybersecurity incident. Employees were overwhelmingly considered to be the biggest source of attack, with 84% of respondents listing careless employee actions as a threat. The majority (58%) of executives rated security awareness and training as a high priority.
The majority (66%) of power and utility executives say budgets will increase over the next 12 months, but it may not be enough. Thirty-nine percent of respondents say they need at least a 25% budget increase to achieve their desired level of risk tolerance. However, only 13% expect this magnitude of increase in funding.