The threat of an industrial cyber risk on energy companies is rising and the risk of a breach coming from circumstances outside of their control is growing, according to a survey of oil and gas executives in the Middle East.
The survey was conducted by Siemens and the Ponemon Institute, with the former due to release the results of the full study in February 2018.
This second collaboration between Siemens and the Ponemon Institute involved questioning Middle East field personnel and executives responsible for securing or overseeing cyber risk. A significant theme from the research is the view that cyber risk has become greater in companies’ operational technology (OT) than in their informational technology (IT) environment. In fact, industry research confirms that OT has become a growing target, now comprising 30 percent of all cyber attacks. In the Middle East region alone, 50 percent of all cyber attacks are directed against the oil and gas industry. These attacks have a major impact on productivity, uptime, efficiency and safety.
Sixty percent of all cyber breaches in the region stem from malicious actors rather than human error, the study also reveals. Many of these are increasingly sophisticated state-sponsored cyber attacks that create an especially heightened risk profile. Another result of the study showed that 19 percent of the region’s oil and gas companies rate themselves as relatively slow in implementing adequate cyber security measures, compared with 13 percent in the rest of the world. Similarly, only 17 percent saw themselves as leaders, compared to 22 percent among global counterparts.
“Today’s accelerating digitalisation, the convergence of IT and OT, more frequent and sophisticated cyber attacks, and an energy sector in the crosshairs, led Siemens and the Ponemon Institute to delve into the cyber readiness of the oil and gas industry,” said Leo Simonovich, Vice President and Global Head, Industrial Cyber at Siemens.
“Attackers have identified this convergence of IT and OT as a key opportunity to penetrate an organisation. As a result, an emerging trend of cyber attacks is designed to disrupt physical devices or processes used in operations. In a digital environment, industrial cyber is the new risk frontier.”
The Middle East-focused study is a follow-up to a similar report conducted by Ponemon Institute earlier this year, examining the U.S. oil and gas industry. That report revealed that nearly 70 per cent of U.S. oil and gas cyber managers said their operations had experienced at least one security compromise within the past year, resulting in the loss of confidential information and OT disruption.