IT firm Q1 Labs and the Ponemon Institute announced the results of a study finding that more than 75 percent of global energy organisations surveyed admit to having suffered at least one data breach over the last 12 months. Furthermore, 69 percent of organisations feel a data breach is very likely or likely to occur over the next 12 months.
โState of IT Security: Study of Utilities and Energy Companiesโ was independently conducted by the Ponemon Institute, sponsored by Q1 Labs, and designed to better understand how global energy and utility organisations determine their state of readiness in the face of a plethora of information security, data protection and privacy risks.
The survey polled 291 IT and IT security practitioners in utilities and energy companies with an average of 11 years of experience; the work of participants in the study involves securing the organisationโs information assets, enterprise systems or critical infrastructure. The results show, according to the firms, a glaring disconnect between the C-suite of executives and those in the IT trenches when it comes to IT security.
โOne of the scariest points that jumped out at me is that it takes, on average, 22 days to detect insiders making unauthorized changes, showing just how vulnerable organisations are today,โ said Dr. Larry Ponemon, founder and chairman of the Ponemon Institute. โThese results show that energy and utilities organizations are struggling to identify the relevant issues that are plaguing their company from a security perspective. They have to bridge the gap between operations and IT, and make IT security a top priority within the organisation.โ
Additional findings of the study include:
71 per cent of IT security executives at global energy producers state that their executive management team does not understand or appreciate the value of IT security.
According to 43 percent of respondents, the top-ranked security threat their organization faces is negligent or malicious insiders and is the number one root cause of data breaches.
72pc say initiatives are not effective at getting actionable intelligence (such as real-time alerts, threat analysis and prioritisation) about actual and potential exploits.
A mere 21pc of global energy and utilities organizations feel that their existing controls are able to protect against exploits and attacks through smart grid and smart meter-connected systems.
Only 39% of energy producers state that their organizationโs security program is dedicated to detecting or preventing Advanced Persistent Threats.
67% of energy organizations are not using what would be considered โstate of the artโ technologies to minimize risks to SCADA networks.
โWe were really taken aback by some of the results โ especially that 71 percent of respondents believe that C-level executives donโt understand or appreciate security initiatives. This is further demonstrated by the statistic that the physical security budget is about 10X the information security budget,โ said Tom Turner, Senior Vice President of Marketing and Channels at Q1 Labs. โIT Security in these organizations has the challenging task of protecting Critical Infrastructure against breach. Against a backdrop of Wikileaks, the Nasdaq Hack, the RSA Breach, and the energy-specific Stuxnet virus, we have found that customers are crying out for Security Intelligence.โ
To view the โState of IT Security: Study of Utilities & Energy Companiesโ Executive Summary from Ponemon Institute visit Q1 Labsโ White Paper section of its website.
