4 minute read 14 Feb 2019
woman using smartphone urban city

How utilities can sustain and enhance trust with their stakeholders

By

Matt Chambers

EY Global and Americas Power & Utilities Risk Leader

Risk management leader in power and utilities. Solving complex problems with pragmatic solutions. Avid snow skier. Sports lover. Father.

4 minute read 14 Feb 2019

Utilities must enhance trust with customers, regulators, investors and employees as they prepare for the risk and security challenges of tomorrow.  

The power and utilities (P&U) industry is undergoing unprecedented transformation. How utilities manage their risk will become critical to unlock the strategic upside of disruption. In this year’s EY Global Information Security Survey (GISS), P&U executives say that they are increasing the resources they devote to security. Yet, they remain deeply concerned about the potential scale and severity of adverse events.

 With the expansion of digital and the internet of things, utilities find it harder to monitor their complete ecosystem. At the same time, utilities need to derive actionable intelligence from their data by investing in the right tools and skills so that they can embrace disruption with confidence, build trust with stakeholders, and create business value and market differentiation.

Key findings

Utilities can build trust and confidence by protecting, optimizing and enabling

As P&U companies continue their journey toward a new energy world, they need to focus on both protecting the enterprise and supporting the business through new technologies to become more agile, innovative and confident. But this cannot come at the expense of the trust that they have built with key stakeholders over many years.

Utilities can enhance trust and build confidence by addressing three key challenges:

  1. Protect the enterprise. Identify critical assets across the enterprise, grid and customer domains and implement risk-informed layers of defense. The GISS reveals that well over a third (38%) of P&U respondents have a nonexistent or obsolete identity and access management program.
  2. Optimize cybersecurity. Stop low-value activities, increase efficiency and reinvest funds in emerging and innovative technologies, such as data analytics and robotic process automation (RPA), to enhance existing protection. Almost half (47%) of P&U respondents indicate a need for an increase of more than 25% in their cybersecurity budget to achieve management’s desired level of risk tolerance.
  3. Enable growth. Implement security-by-design as a key success factor for the digital transformations that most utilities are now going through. Only 14% of P&U respondents are confident that they have fully considered the security implications of their current strategy and that their risk operating model incorporates and monitors cyber threats, vulnerabilities and potential impacts.

Low levels of security certainty

14%

of P&U executives are confident that they have fully considered the security implications of their current digital strategy.

As we navigate the digitization of operations, establishing, sustaining and increasing trust needs to be at the heart of everything we do.

When properly managed for risk, digital technologies can help to protect, optimize and enable utilities

New and emerging technologies are playing a crucial role in utilities’ evolution. Digital technologies, such as cloud services, data analytics and RPA, are expected to have significant impacts on utility businesses and the future of risk and cybersecurity.

  • Cloud computing is becoming more prevalent as legacy systems are replaced due to significant advantages in scalability and upgrading, as well as business continuity and disaster recovery. With this shift, the right governance, risk and compliance measures need to be put in place to ensure cloud security. Almost three-quarters (73%) of P&U respondents expect to spend more on cloud cybersecurity in the next year compared with 57% across all industries.
  • Data analytics and increasingly automated processes will allow utilities to detect unusual behavior and respond to alerts more effectively, helping to reduce risk and improve security. More than half (56%) of P&U respondents plan to spend more on cybersecurity analytics in the next year compared with 48% across all industries.
  • RPA combined with security orchestration and automation can enhance the efficiency and sustainability of risk and compliance reporting by improving time-consuming processes in collecting, compiling, cleansing and summarizing large amounts of data. Almost half (45%) of P&U respondents expect to spend more on RPA security in the next year compared with only 25% across all industries.
Cybersecurity investment priorities in the next year

Adopting a more agile risk management framework, supported by new technologies, will allow utilities to respond to changing circumstances and take advantage of increased efficiencies and reduced costs to improve performance.

  • The 21st annual edition of the EY Global Information Security Survey captures the responses of over 1,400 C-suite leaders and information security and IT executives/managers, including 68 from the P&U sector. The research was conducted from April to July 2018.

    “Larger organizations” are defined in this report as organizations with annual revenues of US$1b or more. This group represents one-third of the total respondents to this survey. “Smaller organizations” are defined in this report as organizations with annual revenues below US$1b. This group represents two-thirds of the total respondents to this survey.

Summary

The P&U GISS investigates the most important cybersecurity issues facing utilities today. Analysis of 68 responses from P&U executives shows that many utilities are increasing the resources they devote to security. Yet, they remain deeply concerned about the potential scale and severity of adverse events. Utilities need to focus on both protecting the enterprise and enabling the business through new technologies to become more agile, innovative and confident. But this cannot come at the expense of the trust that they have built with key stakeholders over many years.

About this article

By

Matt Chambers

EY Global and Americas Power & Utilities Risk Leader

Risk management leader in power and utilities. Solving complex problems with pragmatic solutions. Avid snow skier. Sports lover. Father.