Powering cyber resilience in the energy sector

Technology changes are rapidly driving energy-sector growth and changing how energy is produced, moved and stored as demand increases and companies pursue hybridization, asset diversification and partnerships.

At the same time, escalating cybersecurity threats against energy infrastructure are making cyber resilience a necessary component of continued growth.

Addressing these changing needs requires greater collaboration across the energy sector to build resilience into energy systems.

The International Energy Agency's (IEA) Global Energy Review shows global demand for energy rose 2.2% last year, an increase compared to the past decade. Within that growth, the sources and uses of new energy production capacity are transitioning.

Electricity demand is growing faster than overall energy demand, with renewable energy providing the largest share of that growth. New nuclear power is under construction in key markets like India and China, along with new interest and new technologies ranging from small modular reactors to molten salt reactors to private-sector fusion power under development in the US.

Growth in energy demand and changes in the energy technologies that meet that demand are interconnected. For example, the widespread adoption of artificial intelligence (AI) across many industries increases demand for electricity, while automation and AI offer new opportunities for forecasting and optimization.

At the same time, producing a larger proportion of energy from renewable sources creates an increased need to manage variable outputs through strategies like battery storage or electrolysis to produce clean hydrogen.

Meanwhile, electric vehicle fleets increase electricity demand and can enable optimization for price or time of use. Hybrid facilities and fleets enable optimization for financial performance, emissions or energy efficiency.

Energy operators can select which assets should produce power in any given hour based on weather forecasts and demand projections, and can meet requirements that unlock additional revenue streams like ancillary service markets.

For example, pairing wind power with electrolysis or battery storage can help avoid curtailment to maximize the useful energy produced by wind assets. When wind produces more power than the local grid can absorb, electricity can be converted and stored for later use. Similarly, pairing solar production with gas turbine peaker plants – which run when there is a high energy demand – can maximize the financial performance of both.

Relying on solar power as the primary energy source minimizes exposure to fuel costs, while the presence of the peaker plant ensures that the facility can spin up additional power production if demand exceeds solar resources on a particular day.

As the physical systems that extract, refine, produce and distribute energy – collectively known as operating technologies (OT) – are increasingly managed through digital controls and connected to digital networks, cybersecurity becomes more important. Cyberattacks can disrupt workflows at the core of the mission, and the revenue engine, of energy companies.

Whether motivated by criminal intent or geopolitical interests, attackers see energy infrastructure as a high-value target.

The 2021 Colonial Pipeline attack, for example, highlighted how cyberattacks against energy systems can disrupt physical systems and the economies that depend on them. Without the ability to quickly determine the extent of the cyber incident, the pipeline halted operations for a week.

More recently, the April 2025 power outage affecting Portugal and Spain showed how instability can propagate across electric grid interconnections, resulting in disruptions to millions of lives and livelihoods. Although the cause of this incident remained unknown at the time of writing, infrastructure operators must ensure that future cyberattacks cannot intentionally produce the same effects.

Known cyberattacks have disrupted German wind power, and targeted original equipment manufacturers and major oil companies. Today’s energy sector organizations must build and operate their infrastructure with the expectation they will be continuously targeted.

At the same time, energy systems have become more technically challenging to secure. Achieving the efficiency and financial gains made possible by hybrid fleets, automation and optimization strategies requires managing complex interactions.

Operators of operational technology and cybersecurity analysts often must connect and secure systems not designed to communicate with one another, made by different manufacturers, or with customer-facing endpoints.

AI innovation continues to accelerate changes in the operational technology cybersecurity landscape. Understanding how to protect AI assets and harness AI for cybersecurity is essential to protecting the digitized assets that now permeate energy sector supply chains.

The industry must also brace for malicious uses of AI. Generative AI is already used to create phishing attacks and deepfakes up to and including video impersonations of company leadership.

Regulators have so far responded to the changing cybersecurity landscape with an increased emphasis on creating visibility into critical infrastructure. With stronger visibility, operators are more likely to detect cyber incidents quickly and better able to determine the extent of cyber incidents and the steps required for response and recovery.

To comply with new regulations like the EU's Network and Information Security Directive 2 cybersecurity regulation, many companies will need to deploy or improve these capabilities.

Collaboration helps energy organizations achieve and sustain greater cybersecurity maturity. Maturing cybersecurity for equipment manufacturers, suppliers, third-party contractors and customers helps reduce the risk that their business partners will become vectors for attack against hardened targets.

Sharing best practices and threat information helps organizations understand the steps needed to keep up with the constantly changing threat environment.

The World Economic Forum contributes to this stronger cybersecurity ecosystem by convening energy sector leaders to share best practices as part of the Systems of Cyber Resilience: Electricity Initiative. These multistakeholder discussions enable leaders to share their approaches to governance, innovation, information sharing, supply chain security, operational technology monitoring and quantifying risk.

Collaborations around information sharing and joint exercises can strengthen energy ecosystems, as sharing intelligence reduces the value attackers can gain from novel exploits. Organizations that identify a novel attack and share its characteristics enable other participants to harden their infrastructure against copycat attacks, reducing the number of times attackers succeed. This is the purpose behind many government-issued cybersecurity warnings, and is often a lesson noted in after-action reports.

Joint exercises help build the relationships that leaders will rely on during real cyber incidents and can enable leaders to identify and address gaps in recovery and resilience plans before a crisis occurs.

The forces driving energy markets and digital innovation will continue to change the threat environment for energy sector cybersecurity. With growing demand for energy, the stakes will only get higher. Answering the challenges posed by cybersecurity will call for increased collaboration across the energy sector.