The energy industry is lagging behind other industries in protecting themselves against malicious hackers as cybersecurity protection remains weak and is not a priority.
Nearly seven out of ten respondents who work in the upstream, midstream and downstream companies said in a survey that their businesses have been compromised at least once during the year, with a loss of confidential information and disrupting their operations. Oil and gas companies are failing to protect themselves against hackers, according to a survey of 377 executives who secure or oversee cyber risk that was conducted by the Ponemon Institute, a Traverse City, Mich.-based privacy, data protection and information security policy research group, and sponsored by Siemens, a German-based electrification, automation and digitalization company.
The survey also revealed that 61% of respondents said their company has difficulty mitigating cyber risks with only 41% who said they continually monitor their infrastructure to prioritize threats and attacks. A large percentage of companies or 65% said the top cybersecurity threat is a negligent or careless insider and 61% said the company's industrial control systems protection and security is inadequate.
Energy companies have not updated their systems and technology, leading to the potential of large breaches that can affect major infrastructure needs in the U.S., said Mike Kail, chief innovation officer at Cybric, a Boston-based security-as-a-service platform provider.
"The overall evolution of operational excellence has lagged far behind industry trends and standards," he said. "The security issues and challenges within the oil and gas industry are monumental."
These industries need to be more pro-active in their approach towards infrastructure and security and failing to address these issues quickly can be far reaching.