The threat of an industrial cyber risk on energy companies is rising, the risk of a breach coming from circumstances outside of their control is growing and their own security measures require a boost. These are a few initial findings from a survey of oil and gas executives in the Middle East, conducted by Siemens and Ponemon Institute. Siemens will release the full study next February. This second collaboration between Siemens and the Ponemon Institute consisted of a survey of Middle East field personnel and executives responsible for securing or overseeing cyber risk.
A significant theme from the research is the view that cyber risk has become greater in companies’ operational technology (OT) than in their informational technology (IT) environment. In fact, industry research confirms that OT has become a growing target, now comprising 30 percent of all cyber attacks. In the Middle East region alone, 50 percent of all cyber attacks are directed against the oil and gas industry. These attacks have a major impact on productivity, uptime, efficiency and safety.
Sixty percent of all cyber breaches in the region stem from malicious actors rather than human error, the study also reveals. Many of these are increasingly sophisticated state-sponsored cyber attacks that create an especially heightened risk profile. Another takeaway from the study showed that 19 percent of the region’s oil and gas companies rated themselves as relatively slow in implementing adequate cyber security measures, compared with 13 percent in the rest of the world. Similarly, only 17 percent saw themselves as leaders, compared to 22 percent among global counterparts.
“Today’s accelerating digitalization, the convergence of IT and OT, more frequent and sophisticated cyber attacks, and an energy sector in the crosshairs, led Siemens and the Ponemon Institute to delve into the cyber readiness of the oil and gas industry,” said Leo Simonovich, Vice President and Global Head, Industrial Cyber at Siemens.
“Attackers have identified this convergence of IT and OT as a key opportunity to penetrate an organization. As a result, an emerging trend of cyber attacks is designed to disrupt physical devices or processes used in operations. In a digital environment, industrial cyber is the new risk frontier.”
The Middle East-focused study is a follow-up to a similar report conducted by Ponemon Institute earlier this year, examining the U.S. oil and gas industry. That report revealed that nearly 70 per cent of U.S. oil and gas cyber managers said their operations had experienced at least one security compromise within the past year, resulting in the loss of confidential information and OT disruption.