Utilities Still Struggling With IT Security Issues, Study Says

Three-quarters of energy firms have experienced a breach in the last year; 69 percent expect more to come

Seventy-five percent of energy and utility companies have suffered an IT security breach in the past year, and the situation doesnt seem likely to improve anytime soon, according to a study published today.
According to the
State of IT Security: Study of Utilities & Energy Companies
report -- which was conducted by Ponemon Institute and sponsored by security monitoring software vendor Q1 Labs -- more than three-quarters of global energy organizations surveyed admit to having suffered at least one data breach during the past 12 months. Sixty-nine percent think a data breach is very likely or likely to occur in the coming year.
We were surprised that utility companies didnt put a higher priority on issues like smart grid and smart meters, where theres been a lot of concern about cyberthreats, says Larry Ponemon, chairman and founder of Ponemon Institute. Many of the people we talked to are still more focused on physical security than on cybersecurity.
It takes an average of 22 days for the energy companies in the study to detect insiders making unauthorized changes, the study says. Yet 43 percent of respondents ranked negligent or malicious insiders as their top security threat, with insiders the No. 1 root cause of data breaches among the companies surveyed.
Seventy-one percent of the respondents said their executive management team does not understand or appreciate the value of IT security, the study says. Sixty-seven percent of energy organizations were not using what they consider state of the art technologies to minimize risks to infrastructure-critical SCADA networks.
Respondents also expressed dissatisfaction with the tools they use to monitor their IT systems. Seventy-two percent said they dont think their monitoring systems are effective at gathering actionable intelligence, such as real-time alerts, threat analysis, and prioritization, about actual and potential exploits. Only 21 percent of global energy and utilities organizations think their existing controls can protect them against exploits and attacks through smart grid and smart meter-connected systems.
After doing this survey, Im more worried about the security of the power grid than I was before, Ponemon says. In many cases, the people responsible for monitoring the cyber side are either being shot down by upper management or they dont have the right skill set to do the monitoring.
Have a comment on this story? Please click Comment below. If youd like to contact
Dark Readings
editors directly,
send us a message
.

Last News
▸ ArcSight prepares for future at user conference post HP acquisition. ◂ Discovered: 07/01/2025 Category: security	▸ Samsung Epic 4G: First To Use Media Hub ◂ Discovered: 07/01/2025 Category: security	▸ Many third-party software fails security tests ◂ Discovered: 07/01/2025 Category: security

**Cyber Security Categories**
Google Dorks Database	Exploits Vulnerability	Exploit Shellcodes

CVE List

Tools/Apps

News/Aarticles

Phishing Database

Deepfake Detection

Trends/Statistics & Live Infos

Tags:
Utilities Still Struggling With IT Security Issues, Study Says