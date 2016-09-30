Addressing cyber risks in the energy sector is critical not only to energy security, but is also vital for a resilient state and economy; finds a new World Energy Council report. The report highlights that energy companies have seen a massive increase in the number of successful cyber-attacks over the past year.



The critical role that the energy sector plays in the functioning of a modern economy, with its increasing interconnection and digitisation, with the emergence of smart grids and smart devices, make the energy sector a highly attractive target for cyber-attacks aimed at disrupting operations. In a worst case scenario these attacks can result in infrastructure shut down, triggering economic and financial disruptions or even loss of life and massive environmental damage.



The report ‘The road to resilience: managing cyber risks’ published by the Council in collaboration with Swiss Re Corporate Solutions and Marsh & McLennan Companies, was launched at the Energy Day in Berlin, Germany, on 29 September. The report investigates how cyber risks can be managed taking into account the changing nature of the energy industry and energy infrastructure.



The report illustrates the rapid growth of cyber risks highlighting past attacks and potential cyber incident scenarios plus insurance claims implications. Effectively addressing cyber risk demands much higher public awareness, in governments and utilities.



Key recommendations of the report include:



Industry: Energy utilities must view cyber as core business risk, increase awareness and build strong technical and human cyber resilience strategies. Adopting a common cross-sector cybersecurity framework for example can help locating key areas of cyber risk management and identify those systems that need to be protected at all costs.



Technology companies can play an innovative role. They must monitor the nature of cyber-attacks and embed security features into the products they are developing and delivering.



Governments: Policymakers must stimulate the introduction of standards, regulation and support information sharing, and in doing so support strong responses from companies to cyber risks. A cybersecurity talent pool is vital given the demand for skilled workers exceeds the supply with a growth rate that is more than two times faster than all other IT jobs.



Insurance and finance: The insurance sector must monitor cyber risks and focus on managing newly arising and changing risks. They need to develop appropriate cyber insurance products and better understand how their existing portfolios are impacted by cyber incidents. In analysing energy sector information in detail, they must help companies to better quantify their cyber risks.



Energy companies must get used to the fact that cyber now poses the same kind of risk to large infrastructures as a flood or a fire. The nature and changing risk profile of the cyber threat, from economic espionage to disruption of production, demands a cross-sector based risk approach from businesses and governments around the world.



‘The road to resilience: managing cyber risks’ is the third in a series of reports that addresses the need for more investment and system change to increase resilience towards emerging risks, besides cyber threats,