Oil and gas sector must adapt now to rising cybersecurity threat

London, 14 December 2017

  • Share
  • 60% of organizations surveyed recently suffered a significant cyber incident
  • Only 17% feel confident they would detect a sophisticated cyber attack
  • Cybersecurity issues are rising on the oil and gas boardroom agenda

Sixty percent of oil and gas organizations have experienced a recent significant cybersecurity incident, up from 41% last year, according to the latest EY Oil and Gas Global Information Security Survey 2017-18 (GISS), Cybersecurity regained: preparing to face cyber attacks. Yet only 17% feel assured they would have the means to detect a sophisticated cyber attack, while 95% say their cybersecurity function does not fully meet their organization’s needs.

The pace of digitization across the oil and gas sector is expected to accelerate in the next decade, in part as a means to improve efficiency in response to sustained low oil prices. According to new EY commentary, Digitization and the rise of cyber-physical risks, increasing adoption of the Industrial Internet of Things (IIoT) and the convergence of information and operational technology has increased businesses’ exposure to new cyber-physical risks – those that could jeopardize the entire supply chain and disrupt regional sector operations.

Jeff Williams, EY Global Oil & Gas Advisory Leader, says:

“As more connected endpoint devices such as smart sensors are being deployed across the oil and gas industry, the potential for cyber infiltration rises exponentially, potentially placing the entire supply chain at risk, disrupting regional operations, or worse, causing loss of life. Our latest Oil and Gas Global Information Security Survey findings indicate that cyber-physical risks are not currently being effectively identified, tracked or monitored across the sector, leaving organizations increasingly exposed.”

The oil and gas GISS report further reveals that 63% of organizations (up from 58% last year) say an attack that did not appear to have caused harm would be unlikely to prompt an increase in their cybersecurity budget, and most (97%) do not evaluate the financial impact of all significant breaches.

Meanwhile, only 13% of organizations say they have fully considered the information security implications of their current strategy and plans. And nearly half (48%) acknowledge that it will be challenging to ensure that their implemented security controls are meeting today’s requirements.

Williams says: “The survey highlights that many oil and gas companies are in the early stages of their digital transformation and information security journeys. Understanding the threats new technologies bring is critical for planning the long-term success and resilience of sector operations. Organizations need to take a proactive approach to cybersecurity now, to avoid major vulnerabilities at a later stage.”

The majority (78%) of GISS oil and gas respondents consider careless members of staff as the most likely source of an attack, while 50% say a lack of skilled resources is challenging information security’s contribution and value to their organizations. However, the survey indicates that cybersecurity is rising on the boardroom agenda across the sector, with 46% stating that they feel the whole board is knowledgeable about information security – up from 31% last year.

- Ends -

Notes to Editors

About EY

EY is a global leader in assurance, tax, transaction and advisory services. The insights and quality services we deliver help build trust and confidence in the capital markets and in economies the world over. We develop outstanding leaders who team to deliver on our promises to all of our stakeholders. In so doing, we play a critical role in building a better working world for our people, for our clients and for our communities.

EY refers to the global organization, and may refer to one or more, of the member firms of Ernst & Young Global Limited, each of which is a separate legal entity. Ernst & Young Global Limited, a UK company limited by guarantee, does not provide services to clients. For more information about our organization, please visit ey.com.

This news release has been issued by EYGM Limited, a member of the global EY organization that also does not provide any services to clients.

How EY’s Global Oil & Gas Sector can help your business

The oil and gas sector is constantly changing. Increasingly uncertain energy policies, geopolitical complexities, cost management and climate change all present significant challenges. EY’s Global Oil & Gas Sector supports a global network of more than 10,000 oil and gas professionals with extensive experience in providing assurance, tax, transaction and advisory services across the upstream, midstream, downstream and oil field subsectors. The Sector team works to anticipate market trends, execute the mobility of our global resources and articulate points of view on relevant sector issues. With our deep sector focus, we can help your organization drive down costs and compete more effectively.

For more information, please visit ey.com/oilandgas.

About the EY Global Information Security Survey 2017-18

EY’s 20th Global Information Security Survey captures the responses of nearly 1,200 C-suite leaders and information security and IT executives/managers, representing many of the world’s largest and most recognized global organizations. The research was conducted between June-September 2017.

For more information, please visit ey.com/giss.