Dubai: The threat of a cyberattack on the energy industry looms large, according to executives surveyed by Marsh, the risk and insurance firm.
Energy professionals are increasingly concerned about the impact of cyberattacks on their operations. Over 76 per cent of respondents cited business interruption as the most concerning consequence of a cyberattack for the energy industry.
They expressed concern over the heightened risk any disruptive event could have on production and revenues.
The survey makes up part of Marsh’s report, Could Energy Industry Dynamics Be Creating an Impending Cyber Storm?, released on Tuesday at the company’s bi-annual Energy Industry Conference in Dubai.
Over a quarter of respondents surveyed said they were aware that their company had been hit by a successful cyberattack in the past 12 months, the report showed.
However, despite more than half of the energy executives naming cyber as a top-five risk, 54 per cent of respondents had not quantified, or did not know, what their worst possible loss exposures could be.
The energy industry plans to invest more in cyber risk management, according to Marsh, with 77 per cent of energy executives saying their organisations will increase levels of investment in cyber risk management, while 26 per cent plan to purchase or increase their cyber insurance.
Andrew Herring, the head of Marsh’s regional energy and power business, said: “As the energy industry relies more on interconnectivity as a result of greater digitalisation, the potential for cyber-attacks to cause severe disruption to operations, loss of data, and, consequently, high financial losses, should be a key concern for energy executives.”
He added that it was it was worrying that over half questioned had yet to quantify their exposures.
Speaking to Gulf News on Tuesday, the chief executive of Saudi Arabian chemicals and metals conglomerate National Industrialisation Co (Tasnee), Mutlaq Al Morished, confirmed that the kingdom’s industrial companies were being bombarded on a daily basis by cyberattacks.
Asked if Iran was responsible for the bulk of these attacks, as many analysts and politicians have suggested, Al Morished declined to say.
“I have no clue. I don’t think anybody can tell you with 100 per cent accuracy,” he said, adding: “Frankly, for me as a manufacturing guy, it affects my business if it comes from Iran or the Moon, so I don’t care where it’s from.”
On how he was combating these attacks, Al Morished said he was moving his multibillion dollar business to the cloud.
“We are moving away from dedicated servers where all the attacks are being done,” he said.
This process was being aided by “the best in the industry, from Microsoft to SAP,” Al Morished added.
The CEO said that his company was also focusing on the human element: “That’s where most of the crazy things come from.”
“If you look at what is common with all these things, it’s a human factor. Someone opened and attachment they shouldn’t have done,” he said. “So we’re trying to educate people.”
In January 2017, a number of Saudi companies were hit by a virus known as Shamoon, hitting the Sadara Chemical Co, a Jubail-based company jointly owned by Saudi Aramco and Dow Chemical, and a number of other petrochemical facilities in Jubail. The virus had previously destroyed over 40,000 records at Saudi Aramco in 2012
