Is the energy sector prepared for cyber breaches?

A lack of skilled cybersecurity professionals is adding to vulnerabilities in the energy sector.

A lack of skilled cybersecurity professionals is adding to vulnerabilities in the energy sector. Image: Unsplash/fresonneveld

Simon Torkington
Senior Writer, Forum Agenda
Our Impact
What's the World Economic Forum doing to accelerate action on Cybersecurity?
The Big Picture
Explore and monitor how Cybersecurity is affecting economies, industries and global issues
A hand holding a looking glass by a lake
Crowdsource Innovation
Get involved with our crowdsourced digital platform to deliver impact at scale
Stay up to date:


This article is part of: Annual Meeting on Cybersecurity

Listen to the article

  • The number of weekly cyberattacks on energy companies has doubled since 2020.
  • A lack of skilled cybersecurity professionals is adding to vulnerabilities in the energy sector.
  • The Forum’s latest Global Security Cybersecurity Outlook offers potential solutions to help close the skills gap.

An instant and endless supply of electricity is taken for granted in many parts of the world. The flick of a switch powers the work and family lives of billions of people.

But the energy systems that underpin entire economies are facing “an unprecedented threat” from cyberattacks, according to the International Energy Agency (IEA).

The true scale of cyberattacks on critical energy infrastructure is unknown, as some incidents go undetected or are not reported. However, data from the IEA shows a dramatic rise in the targeting of utilities including power, gas and water supplies. The number of weekly cyberattacks rose from 499 in 2022 to 1101 in 2022.

Average number of weekly cyberattacks per organisation in selected industries, 2020-2022
The number of cyberattacks on critical energy infrastructure has doubled since 2020. Image: IEA

The consequences of a cyberattack on a power grid can be far-reaching. Beyond the loss of the energy supply, attacks can compromise customer data including their names, addresses, banking details and phone numbers.

Stepping up digital defences

Industry research shows that utility companies are spending an average of 8% of their total IT budget on cybersecurity – but the number of attacks is outpacing spending. Perhaps the most critical weakness in the digital defences of power companies is a lack of skilled professionals to fill cybersecurity roles.

Across global industry as a whole, there are 3.4 million unfilled cybersecurity jobs, according to an analysis by cybersecurity experts Fortinet. This yawning skills gap is undermining efforts to counter cyberattacks.

Infographic illustrating the cybersecurity skills in high demand.
A lack of cybersecurity professionals is increasing vulnerability to attacks. Image: Fortinet

This global skills gap requires a global solution across the energy ecosystem. The World Economic Forum’s Centre for Cybersecurity is convening leaders from industry, academia and civil society to collaborate on solutions. The Systems of Cyber Resilience: Electricity Initiative has helped bolster the cyber resilience of the global electricity infrastructure. This multistakeholder community will now serve as a global exchange platform for cybersecurity leaders in the electricity sector.

Getting smarter with cybersecurity recruitment

The IEA suggests power companies lack long-term strategies for hiring cybersecurity specialists and developing digital defence skills in-house. Instead, these companies operate reactively when perceived threat levels increase.

Cybersecurity professionals job postings before and after a cyberattack in United States power utility two, Feb 2016- Feb 2020
Job postings for IT security specialists tend to spike following major cyberattacks. Image: IEA

How is the Forum tackling global cybersecurity challenges?

As the chart above shows, job postings for cybersecurity specialists in North America tend to rise sharply following major cyberattack incidents. Despite these recruitment surges, data shows the proportion of cybersecurity security job postings by energy companies is falling behind other industries such as banking and finance.

The IEA also reports a salary gap between industries, stating, “available data for the United States, Canada and the United Kingdom suggests salaries offered by power utilities in cybersecurity job postings are among the lowest for the occupation”.

Closing the cybersecurity skills gap

The World Economic Forum’s Global Cybersecurity Outlook 2023 suggests pathways for increasing the talent pool of cybersecurity specialists. One solution is to democratize access to the industry.

The report says industry must “expand and promote inclusion and diversity efforts within cyber recruitment. Underrepresented groups in cybersecurity such as women, people of colour and those with informal educations have been continually discouraged from technical careers through societal expectations and perceptions of cybersecurity work culture”. The Forum has launched an initiative to raise c-suite awareness of the cybersecurity talent crisis and its implications, and to define strategies to strengthen the talent pipeline.

Secure power for a more secure world

The war in Ukraine has highlighted the extent to which the global economy is reliant on interconnected energy systems. With digital threats to these networks growing, the IEA is urging companies to adopt digital defence strategies as a core pillar of their operations.

“It is essential”, says the IEA, “that every power utility, big or small, includes cybersecurity as a core element of their business strategy and ensures access to in-house cybersecurity professionals and their skills, continuously updating them and ensuring talent retention”.

Have you read?
Don't miss any update on this topic

Create a free account and access your personalized content collection with our latest publications and analyses.

Sign up for free

License and Republishing

World Economic Forum articles may be republished in accordance with the Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International Public License, and in accordance with our Terms of Use.

The views expressed in this article are those of the author alone and not the World Economic Forum.

Related topics:
CybersecurityEnergy Transition
World Economic Forum logo
Global Agenda

The Agenda Weekly

A weekly update of the most important issues driving the global agenda

Subscribe today

You can unsubscribe at any time using the link in our emails. For more details, review our privacy policy.

'Operation Cronos' seizes major cybercrime group – and other cybersecurity news to know this month

Akshay Joshi

February 21, 2024

About Us



Partners & Members

  • Join Us

Language Editions

Privacy Policy & Terms of Service

© 2024 World Economic Forum