The FINANCIAL — Sixty percent of oil and gas organizations have experienced a recent significant cybersecurity incident, up from 41% last year, according to the latest EY Oil and Gas Global Information Security Survey 2017-18 (GISS), Cybersecurity regained: preparing to face cyber attacks.
Yet only 17% feel assured they would have the means to detect a sophisticated cyber attack, while 95% say their cybersecurity function does not fully meet their organization’s needs.
The pace of digitization across the oil and gas sector is expected to accelerate in the next decade, in part as a means to improve efficiency in response to sustained low oil prices. According to new EY commentary, Digitization and the rise of cyber-physical risks, increasing adoption of the Industrial Internet of Things (IIoT) and the convergence of information and operational technology has increased businesses’ exposure to new cyber-physical risks – those that could jeopardize the entire supply chain and disrupt regional sector operations.
Jeff Williams, EY Global Oil & Gas Advisory Leader, says:
“As more connected endpoint devices such as smart sensors are being deployed across the oil and gas industry, the potential for cyber infiltration rises exponentially, potentially placing the entire supply chain at risk, disrupting regional operations, or worse, causing loss of life. Our latest Oil and Gas Global Information Security Survey findings indicate that cyber-physical risks are not currently being effectively identified, tracked or monitored across the sector, leaving organizations increasingly exposed.”
The oil and gas GISS report further reveals that 63% of organizations (up from 58% last year) say an attack that did not appear to have caused harm would be unlikely to prompt an increase in their cybersecurity budget, and most (97%) do not evaluate the financial impact of all significant breaches.
Meanwhile, only 13% of organizations say they have fully considered the information security implications of their current strategy and plans. And nearly half (48%) acknowledge that it will be challenging to ensure that their implemented security controls are meeting today’s requirements.
Williams says: “The survey highlights that many oil and gas companies are in the early stages of their digital transformation and information security journeys. Understanding the threats new technologies bring is critical for planning the long-term success and resilience of sector operations. Organizations need to take a proactive approach to cybersecurity now, to avoid major vulnerabilities at a later stage.”
The majority (78%) of GISS oil and gas respondents consider careless members of staff as the most likely source of an attack, while 50% say a lack of skilled resources is challenging information security’s contribution and value to their organizations. However, the survey indicates that cybersecurity is rising on the boardroom agenda across the sector, with 46% stating that they feel the whole board is knowledgeable about information security – up from 31% last year.