Are utilities doing enough to protect themselves from cyberattack?

Wind turbines are pictured in this multiple exposure at the German village of Feldheim February 21, 2013. Feldheim, a 60-minute drive south of Berlin and home to about 125 people, is Germany's first and only energy self-sufficient village. Germany is a world leader in renewable energy and derives a quarter of its electricity from renewables, but rising prices have turned into a major political issue ahead of the election. Picture taken February 21, 2013.

Utility companies are facing a perfect storm Image: REUTERS/Tobias Schwarz

Leo Simonovich
Vice-President; Global Head, Industrial Cyber and Digital Security, Siemens Energy
Our Impact
What's the World Economic Forum doing to accelerate action on Cybersecurity?
The Big Picture
Explore and monitor how Cybersecurity is affecting economies, industries and global issues
A hand holding a looking glass by a lake
Crowdsource Innovation
Get involved with our crowdsourced digital platform to deliver impact at scale
Stay up to date:


This article is part of: World Economic Forum Annual Meeting
  • Cyberthreats to utility companies are becoming more severe.
  • A new survey suggests 54% of utilities expect a cyberattack in 2020.
  • Strategic collaboration is the key to an effective industry response.

For companies pushing the bounds of innovation in the utility industry, information technology (IT) has increasingly acted as its eyes and ears, leveraging big data, advanced analytics and cloud computing to provide an understanding of real-time operating environments in fleets that may stretch tens or even hundreds of miles.

Utilities also use IT to control and balance operational technology (OT) – like distributed wind, solar and energy-storage assets with centralized power generation – to reduce emissions, improve efficiency and reduce costs for customers. The digitalization of OT assets for global utilities has opened seemingly endless opportunities. However, it has also exposed the vulnerability of critical infrastructure to cyberattacks.

Have you read?

A recently released cybersecurity report by Siemens and the Ponemon Institute explores this risk. It found that cyberthreats to utilities’ OT are growing more severe and sophisticated. It also assesses the industry’s readiness to address future attacks and puts forward solutions to help the industry secure critical infrastructure.

Clearly, the threat isn’t on the horizon. It’s already on the doorstep. Fifty-four percent of the 1,726 utility professionals surveyed — representing electric utilities around the world with gas, solar and wind portfolios, as well as water utilities — expect at least one cyberattack on critical infrastructure within the next year. A slightly larger majority reported experiences with a shutdown or loss of operational data annually.

As the survey results show, attacks on critical infrastructure are a current and growing threat
As the survey results show, attacks on critical infrastructure are a current and growing threat Image: Siemens

Utilities are facing a perfect storm. Just as the industry is undergoing a digital transformation to modernize legacy equipment, prepare for a more distributed energy landscape with greater renewable integration, and protect customers against disruptions in service, cyberattacks have the potential to cause severe financial, environmental and infrastructure damage. But that shouldn’t deter efforts to realize the possibilities offered by the Fourth Industrial Revolution, including making investments to transform the sector that will bring power to the world and reduce emissions.

The troubling results in this report should instead drive utility industry executives, managers and security professionals alike to hold the necessary discussions that will lead to productive action for the safety and security of companies and our critical infrastructure. By identifying tough pain points and vulnerabilities, we can build awareness and share best practices to eliminate them.

And it’s apparent more must be done. Less than one-third of survey respondents assessed their readiness as ‘high’ if faced with containing a breach. Smaller organizations, in particular, were among those most deeply concerned with their cybersecurity capabilities. Across the industry, recruiting the right personnel and going beyond required compliance to adopt risk-based strategies is necessary to respond to an evolving threat environment.

A lack of trained personnel is hampering response times
A lack of trained personnel is hampering response times Image: Siemens

The frameworks that the report outlines are a helpful and vital starting point for meeting current challenges. They emphasize the importance of utilities thoroughly knowing their systems and what they’re doing. That includes identifying how their systems are connected and employing professionals with the skills to strengthen and maintain those systems’ defenses.

The report also recommends the need for fortified systems and a ready response strategy if an attack is detected. Specifically, the adoption of digital tools like AI and big-data analytics can offer an effective way to enhance detection capabilities. In addition, it’s essential for utilities to devote specific leadership attention to OT security so that awareness is amplified and capabilities to thwart attacks continue to evolve.

This work is just beginning, but the arena in which we will fight the cyberattacks on our utilities is coming into clearer focus. With strategic and collaborative action – and honest discussion and assessment – we can meet risks with readiness and resiliency, giving utilities more confidence and peace of mind that their OT and IT components are well protected.

Leo Simonovich is part of the World Economic Forum’s ‘Systems of Cyber Resilience: Electricity’ community.


What is the World Economic Forum doing about making our electricity ecosystem cyber resilient?

Don't miss any update on this topic

Create a free account and access your personalized content collection with our latest publications and analyses.

Sign up for free

License and Republishing

World Economic Forum articles may be republished in accordance with the Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International Public License, and in accordance with our Terms of Use.

The views expressed in this article are those of the author alone and not the World Economic Forum.

Related topics:
CybersecurityForum InstitutionalEnergy TransitionFourth Industrial Revolution
World Economic Forum logo
Global Agenda

The Agenda Weekly

A weekly update of the most important issues driving the global agenda

Subscribe today

You can unsubscribe at any time using the link in our emails. For more details, review our privacy policy.

Tinder Swindler: How 'romance fraud' became a multi-billion dollar cybercrime

Robin Pomeroy and Sophia Akram

May 24, 2024

About Us



Partners & Members

  • Join Us

Language Editions

Privacy Policy & Terms of Service

© 2024 World Economic Forum