A lack of skilled cybersecurity professionals is adding to vulnerabilities in the energy sector. Image: Unsplash/fresonneveld
Explore and monitor how Cybersecurity is affecting economies, industries and global issues
Get involved with our crowdsourced digital platform to deliver impact at scale
Stay up to date:
Listen to the article
- The number of weekly cyberattacks on energy companies has doubled since 2020.
- A lack of skilled cybersecurity professionals is adding to vulnerabilities in the energy sector.
- The Forum’s latest Global Security Cybersecurity Outlook offers potential solutions to help close the skills gap.
An instant and endless supply of electricity is taken for granted in many parts of the world. The flick of a switch powers the work and family lives of billions of people.
The true scale of cyberattacks on critical energy infrastructure is unknown, as some incidents go undetected or are not reported. However, data from the IEA shows a dramatic rise in the targeting of utilities including power, gas and water supplies. The number of weekly cyberattacks rose from 499 in 2022 to 1101 in 2022.
The consequences of a cyberattack on a power grid can be far-reaching. Beyond the loss of the energy supply, attacks can compromise customer data including their names, addresses, banking details and phone numbers.
Stepping up digital defences
Industry research shows that utility companies are spending an average of 8% of their total IT budget on cybersecurity – but the number of attacks is outpacing spending. Perhaps the most critical weakness in the digital defences of power companies is a lack of skilled professionals to fill cybersecurity roles.
Across global industry as a whole, there are 3.4 million unfilled cybersecurity jobs, according to an analysis by cybersecurity experts Fortinet. This yawning skills gap is undermining efforts to counter cyberattacks.
This global skills gap requires a global solution across the energy ecosystem. The World Economic Forum’s Centre for Cybersecurity is convening leaders from industry, academia and civil society to collaborate on solutions. The Systems of Cyber Resilience: Electricity Initiative has helped bolster the cyber resilience of the global electricity infrastructure. This multistakeholder community will now serve as a global exchange platform for cybersecurity leaders in the electricity sector.
Getting smarter with cybersecurity recruitment
The IEA suggests power companies lack long-term strategies for hiring cybersecurity specialists and developing digital defence skills in-house. Instead, these companies operate reactively when perceived threat levels increase.
How is the Forum tackling global cybersecurity challenges?
As the chart above shows, job postings for cybersecurity specialists in North America tend to rise sharply following major cyberattack incidents. Despite these recruitment surges, data shows the proportion of cybersecurity security job postings by energy companies is falling behind other industries such as banking and finance.
The IEA also reports a salary gap between industries, stating, “available data for the United States, Canada and the United Kingdom suggests salaries offered by power utilities in cybersecurity job postings are among the lowest for the occupation”.
Closing the cybersecurity skills gap
The World Economic Forum’s Global Cybersecurity Outlook 2023 suggests pathways for increasing the talent pool of cybersecurity specialists. One solution is to democratize access to the industry.
The report says industry must “expand and promote inclusion and diversity efforts within cyber recruitment. Underrepresented groups in cybersecurity such as women, people of colour and those with informal educations have been continually discouraged from technical careers through societal expectations and perceptions of cybersecurity work culture”. The Forum has launched an initiative to raise c-suite awareness of the cybersecurity talent crisis and its implications, and to define strategies to strengthen the talent pipeline.
Secure power for a more secure world
The war in Ukraine has highlighted the extent to which the global economy is reliant on interconnected energy systems. With digital threats to these networks growing, the IEA is urging companies to adopt digital defence strategies as a core pillar of their operations.
“It is essential”, says the IEA, “that every power utility, big or small, includes cybersecurity as a core element of their business strategy and ensures access to in-house cybersecurity professionals and their skills, continuously updating them and ensuring talent retention”.
Don't miss any update on this topic
Create a free account and access your personalized content collection with our latest publications and analyses.
License and Republishing
The views expressed in this article are those of the author alone and not the World Economic Forum.
More on CybersecuritySee all
February 22, 2024
February 21, 2024
February 21, 2024
February 19, 2024
February 15, 2024
February 15, 2024