In an environment marked by the evolution towards a new energy model that is hastening the implementation of information technologies,companies in the sector have a clear vision and a road map to follow in the area of cybersecurity. 89% of energy companies have strategic plans broken down into initiatives, metrics and indicators and they are shifting towards a Digitally Protected Organization model.
Senior management is also heavily involved in the strategy. The vast majority of companies are developing the needed awareness and training programs for their staff and 67% have a sufficient budget allocation to implement the necessary transformation.
On the other hand, only 44% have fully identified and protected their key processes and technological dependencies. The remaining companies understand how to improve and are moving forward so as to protect all their critical processes.
These are some of the data on the energy sector revealed by the 2020-2021 Report on Digital Maturity in Spain, which focused on Cybersecurity, that was drawn up by the Indra companies Minsait and SIA and presented today at the Spanish Energy Club. The study was conducted upon the basis of personal interviews with the heads of around a hundred large companies from different sectors and organizations in Spain and the rest of Europe, as well as some of the leading experts in cybersecurity.
Despite the high degree of maturity generally displayed by companies in the sector, it is still necessary to reinforce the measures in relevant areas such as data protection and hardware and software asset management. In fact, 56% of companies acknowledge that there is room for improvement in the implementation of information encryption, classification and labeling technologies and 44% still manage their inventories using manual processes.
This is even more evident when considering only 22% have implemented measures to centrally manage the digital identities of their employees, users with special privileges in their information systems, and their customers, although it is true that most have acquired a tool and are continuing to make the shift towards centralized identity management.
The increasing complexity of asset operations and the supplier ecosystem, as well as the greater demand for digital channels with customers, has led to an increase in attacks and a trend towards establishing stable, mid- to long-term alliances with specialized partners who offer a comprehensive vision of the challenges posed by a hyper-specialized and ever-changing sector.
As a result of these agreements, 78% of organizations within the sector rely on a Cybersecurity Operations Center, an essential tool for detecting attacks and reacting to incidents. These partnerships will also play a key role in the shift towards the secure convergence of Information Technology and Operational Technology (IT/OT) environments, a process 75% of energy companies are already implementing through security assessments to identify the risks in each environment.
The report on Digital Maturity in Cybersecurity shows that companies are aware of the challenge they face and that they have taken significant strides over the past year. However, the dynamic nature of cyberthreats and the difficulties involved in comprehensively managing them within all the production processes of an energy company (requiring a multidisciplinary approach) are two of the major obstacles that are holding back progress. Their success relies on the protection needed to grow and do business online in the years to come.
Throughout the 400-plus pages of the report, SIA’s cybersecurity experts review the best practices and measures for protecting a company, and provide a road map that includes identifying risks, implementing actions for protection, determining a strategy to detect attacks, having specialists to be able to respond effectively, and ensuring recovery capabilities.