522
Views

DNV: Energy Companies View Cybersecurity as Greatest Risk

Cyber image
iStock

Published Jan 22, 2025 10:19 PM by The Maritime Executive

 

Hacking has risen up to dominate the risk landscape for energy companies, according to DNV. The class society's most recent survey found that two-thirds of energy professionals say that their company's leaders view cybersecurity as the greatest current risk to their business, and expect to increase spending on cybersecurity protections. 

The risks are growing with the expansion of new, digitized green power technology, which inherently creates new potential points of entry and exploitation."The whole energy sector – companies and governments alike – are working together on this massive challenge, which is increasingly complex because the technologies underpinning the transition are largely digital and scaling rapidly. With this comes cybersecurity risks,” said Ditlev Engel, CEO, Energy Systems at DNV.

Nearly half of the energy professionals surveyed said that the extra cyber risk is worth it for advancing the green transition, and the risk should be accepted as a cost of innovation. 

Geopolitical factors are also driving cybersecurity concerns in the energy sector, and three quarters of those surveyed said that their companies have paid more attention to cyber risk because of growing tensions (and growing risk of attacks sponsored by foreign powers). However, even more - four out of five - said that they were concerned about criminal hackers. 

Two-thirds also said that their firm's operational technology (OT) - the computer networks that control automated industrial systems- is especially vulnerable to attack, and most said that their OT is less well-defended than their IT networks. 

"In some companies, you can go to an industrial site and find people working on OT who have never spoken to their counterparts in other sites. They are doing what they have always done because that is how you achieve the required production," said Robert Valkama, Senior Manager of OT Cyber Security at Fortum. "The digital maintenance is missing and that’s hindering cybersecurity efforts."

Supply chain attacks are also a serious concern for energy projects. If threat actors can access an energy company's suppliers - or sub-suppliers - they could insert a malicious program or a weak point into an entire series of new equipment, before it leaves the factory. More than a third of those surveyed said that they believe that at least one of their suppliers had been infiltrated in the past and had decided to keep the breach secret.

"From attacks on supply chains, recruitment of malicious insiders, and the use of AI, adversaries are upping their game and the energy industry needs to keep up," said Auke Huistra, Director of Industrial and OT Cybersecurity at DNV Cyber.