Energy, utility sectors feel ‘most exposed’ to cybersecurity threats, survey finds

Dive Brief:

• More than four in ten (44%) U.K. and U.S. companies "feel very prepared" to handle technology risks, according to a new Beazley report on tech risks, including cybersecurity, disruption, intellectual property protection and failure to modernize. Beazley surveyed more than 1,000 business leaders and insurance-buyers in 10 industries.
• Respondents said they are most prepared and resilient in cyber-related risks, compared to the other risks. More than half (55%) of U.S. business leaders, compared to 34% of U.K. leaders, said they are prepared to handle cyber risks.
• The high level of confidence in cybersecurity might be due to a reliance on digital trading and a perception there is "safety in numbers," the report said. "Time will tell if such high levels of confidence are well placed."

Dive Insight:

With layers of protection, including cyber insurance coverage, business leaders might feel insulated from threats. However, with sophisticated threats mounting, it's difficult to predict where and how an attacker evades protections.

Companies in the utilities and energy sector feel the most exposed to cyberthreats, according to 40% of Beazley respondents. There have been a number of attacks in that space, including a ransomware attack in May that forced Colonial Pipeline to shut down the largest refined products pipeline system in the United States. The company made a payment of roughly $4.4 million in bitcoin ransom to aid a swift recovery.

However, the report also noted energy and utility executives feel more resilient to technology risks. These are sectors "where businesses have become adept at dealing with disruption more generally," the report notes.

Retail and technology and telecommunications companies tied for second in the Beazley survey, with 38% of respondents saying the two sectors were most exposed to cyberthreats.

Still, 65% of retail leaders and 69% of leaders in financial and professional services feel "very prepared" for cyber risk in the U.S. In the U.K., less than a third of respondents in those respective industries feel the same, which might be due to longer-standing data privacy regulation, according to the report.

During last month's White House summit with tech and insurance executives, leaders agreed that if insurers can give companies more perspective and direction on their risk, security controls can be adjusted. If higher standards of security controls are met, theoretically insurers' profitability and customers' premiums will balance out.

Managing technology-related risks "effectively is less of an insurance play, and more a question of business leaders getting the right talent on board and making good and timely investments," the Beazley report said.

Yet, business executives are doing little to ensure a vendor's security, according to recent research from Venafi. Proper vendor scrutiny is still lacking, partially because tech professionals don't know if the responsibility falls under IT security or development.

Beazely concluded the survey's results for cyber were "both shocking and heartening." Despite how difficult defense is becoming, respondents feel able to anticipate and respond to threats.

The survey captures a sense of confidence in businesses' abilities to thwart an attack, even though the technology landscape as a whole invites new risk every day. Cloud-based technologies and compromised software are favored attack vectors for attackers, especially ransomware gangs. The more technology and vendors an organization has, the more susceptible to threats they are.

Comments are closed.