Cybersecurity has been identified as the top risk for the energy industry, new research suggests, with 65% of professionals in the sector citing it as the greatest threat to their operations. According to a new report from DNV Cyber based on the inputs of 375 energy professionals, 71% of respondents expect their organisations to increase cybersecurity investments in 2025.
The study highlights an increasing focus on operational technology (OT) security, critical for managing and automating physical assets in energy operations. A growing 71% of respondents acknowledged that their organisations are more exposed to OT-related cyber risks than ever before, up from 64% in 2023. Despite this heightened awareness, 57% admitted that their OT security defences remain behind their IT protections. In response, 67% of professionals anticipate a rise in OT security investments in the coming year.
“Even as the energy industry becomes more mature in its cybersecurity posture, it must continue to strengthen and adapt to remain resilient against a growing number of increasingly sophisticated threats,” said DNV Cyber’s industrial and OT cybersecurity director Auke Huistra. “From attacks on supply chains, recruitment of malicious insiders, and the use of AI, adversaries are upping their game and the energy industry needs to keep up.”
Global instability has amplified concerns across the sector, with 75% of respondents reporting an increased focus on cybersecurity due to geopolitical tensions. The study recorded a rise in concerns over cyberattacks potentially directed by foreign powers, with 72% of professionals expressing fears in this area, compared to 62% in 2023. Similarly, worries over cyber-criminal gangs have surged to 79%, a significant increase from 50% recorded in the previous year.
The report reveals progress in cybersecurity awareness at both leadership and operational levels. Among respondents, 78% expressed confidence that their leadership teams sufficiently understand cyber risks. Employee training initiatives have also demonstrated positive outcomes, with 84% of workers stating they are prepared to respond to potential cyber threats. However, challenges persist, as 76% of respondents believe current training efforts are insufficient to counter increasingly advanced cyberattacks.
The energy sector continues to face challenges in securing its supply chains. While 53% of respondents indicated that cybersecurity measures are integrated into procurement processes, only 16% expressed confidence in their organisation’s ability to monitor supply chain vulnerabilities comprehensively. Furthermore, 34% of professionals suspect that breaches may go undetected among suppliers, illustrating gaps in oversight across the supply chain.
The adoption of digital technologies to drive the energy transition has introduced additional cybersecurity challenges. Nearly half (49%) of respondents agreed that organisations must accept some degree of additional cyber risk as part of the push for innovation. Increased connectivity across systems and reliance on third-party tools have broadened the sector’s exposure to potential threats.
AI poses new challenges in cybersecurity
The use of generative AI (Gen AI) by cybercriminals has introduced complexities in identifying and mitigating attacks. According to the report, 66% of respondents stated that AI-driven phishing attempts have made it more challenging to distinguish between genuine and fraudulent communications. Additionally, 47% of professionals expressed concerns that their organisations might fall behind adversaries unless AI is integrated into their cybersecurity strategies.
In late 2024, a report from the Capgemini Research Institute revealed that 97% of surveyed organisations suffered at least one security breach linked to generative AI within the past year. This report also found that over 90% of respondents experienced a cybersecurity breach in the past year, a substantial increase from 51% in 2021. Furthermore, nearly half of these organisations estimated financial losses exceeding $50m over the last three years.
Read more: 97% of organisations hit by Gen AI-related security breaches, survey finds
