A survey of power and utility bosses on cyber attack vulnerability found that just 11 per cent felt that their current data security measures fully met their needs.
The poll by EY found that 60 per cent are running no – or just informal – threat assessments, while 64 per cent believe their security strategy “is not aligned with today’s risk environment”.
And 80 per cent said that they had witnessed an increase in external threats, with the most common including malware and ‘phishing’.
Fraser Nichol, director of EY’s Information Security Advisory, said that “information security is increasingly a concern for utilities as they face a flood of data from customers, smart meters, operational assets and the power grid”.
“Technology and data have completely transformed the P&U sector, allowing companies to use information to improve and expand services and better engage with customers.
“However, big data also brings added regulatory obligations around privacy and security — and the risk that sensitive data will be subject to increasingly sophisticated cyber attacks.”
And he added that while “most utilities recognise the information security risks they face… it seems few are ready for them.”
Nichol said that a almost a third of poll respondents said they spend more than $3m per year on cyber security, while about half of all respondents said their information security budget would increase in 2014.
He added: As cyber security threats gather pace, leaders in P&U organisations must step up their efforts to improve their information security programmes.
“A more proactive approach, greater employee awareness, innovative security solutions and an integrated information security programme will enhance a company’s defenses against inevitable cyber attacks and protect it from potential reputational damage, regulatory action and higher costs.”
“Leading organisations know that cyber attacks will only increase,” he said. “The time to act is now.”