Utility executives say interruptions to supply is their greatest cyberattack-related concern, closely followed by potential impacts on customer and employee safety, a new survey found.
Almost two-thirds of respondents worry there is at least a moderate risk of a cyberattack causing disruptions to electricity supply in the next five years, according to the report by Accenture. The survey covered over 100 utility executives from over 20 countries in Europe, North America, Asia Pacific and other regions. The respondents were decision-makers in processes related to smart grids.
Accenture found 57 percent of respondents fret a cyberattack would result in interruption to electricity supply, while 53 percent are worried about its impact on employee and/or customer safety.
Roughly half of respondents are concerned about theft of sensitive customer or employee data, and theft of company data and intellectual property. Ransomware and destruction of physical assets are also among the top concerns.
“A typical distribution grid has neither the size of a transmission network nor the same risks of cascading failure,” Accenture said in its report.
“However, distribution grids have the same vulnerabilities and, as a potentially softer target, could be increasingly subject to attack. Breaches by a wide range of potential attackers could have devastating impacts along the entire electricity value chain, from generation through to consumers. A successful attack could erode public trust in the utility and raise questions about the security of all devices along the value chain.”
Cyberattacks conducted by state-sponsored actors are considered the biggest risk to distribution networks. This is also the greatest concern in North America. On the other hand, cybercriminals are seen as the biggest threat in Europe and the Asia Pacific region.
The report found utility executives fear risks posed by the Internet of Things (IoT) devices found in consumers’ homes.
Despite concerns, over 40 percent of respondents said their organizations did not fully integrate cybersecurity into their risk management processes.
Nearly one-third of respondents believe improved threat identification and sharing across the industry would have the greatest impact on their cybersecurity capabilities. Others believe the biggest impact would come from clearer understanding of OT implications for cybersecurity (20 percent), training and risk awareness (15 percent), a holistic security program (12 percent), a risk management framework incorporating cybersecurity (11 percent), and clear cybersecurity governance and roles (10 percent).