Cyber events increase for oil and gas orgs, now planning should, too

More oil and gas organizations (60 percent) reported “significant” cybersecurity events in 2017, up from 41 percent the previous year, according to Ernst & Young’s Global Information Security Survey, but just 17 percent feel comfortable detecting sophisticated cyberattacks.

Nearly all respondents (95 percent) say their cybersecurity efforts meet their organizational needs, even as the urgency is increasing. Greater adoption of connected devices in the industrial sector means that informational and operational technology have collided. With the industrial sector a key part of many supply chains, the time for attention to cyber-physical risks is now. The report indicated that while efforts to steal intellectual property, data, or finances have dropped for oil and gas organizations, malware and phishing efforts are on the rise.

“Sustained low oil prices are driving adoption of digitization across the O&G industry, ramping up the stakes for cybersecurity,” said Jeff Williams, EY global oil and gas advisory leader. “To protect critical information, an organization must not only address the security of the traditional IT and OT environments, it must also deal with the added complexities from the Internet of Things, while also integrating innovative digital business process disruptors, such as robotic process automation, blockchain and artificial intelligence. Never before has it been so important to ensure that security efforts are integrated into every facet of an organization’s operations. We call this ‘cyber fusion.’”