Cyber Resilience in the Electricity Ecosystem: Principles and Guidance for Boards
Cyber resilience is a challenge for all organisations, but, due to its vital role as a societal backbone, it is of particular importance for the electricity ecosystem.
The power grid is an increasingly popular target for cyber threat actors: including hacktivists with the aim of causing civil unrest or state-sponsored groups performing espionage activities. Moreover, electricity organizations operate in an interconnected and interdependent environment where the consequences of a cyber attack on one can cascade to numerous others. Combatting this growing risk requires leaders to shift their thinking on cyber resilience in two fundamental ways:
1. Understand that cyber risk is a business and ecosystem-wide risk – not an IT risk – and integrate cyber risk management into all business decisions
2. Understand that managing cyber risk in such an interconnected environment requires that leaders think beyond the cyber resilience of their own “houses”, towards the cyber resilience of the broader “neighbourhood” of suppliers, customers, competitors, peers, and regulators among others.
This report developed by the World Economic Forum in collaboration with electricity industry partners and Boston Consulting Group offers principles to help board members meet the unique challenges of managing cyber risk in the electricity ecosystem.
Cyber resilience is a challenge for all organisations, but, due to its vital role as a societal backbone, it is of particular importance for the electricity ecosystem.
The power grid is an increasingly popular target for cyber threat actors: including hacktivists with the aim of causing civil unrest or state-sponsored groups performing espionage activities. Moreover, electricity organizations operate in an interconnected and interdependent environment where the consequences of a cyber attack on one can cascade to numerous others. Combatting this growing risk requires leaders to shift their thinking on cyber resilience in two fundamental ways:
1. Understand that cyber risk is a business and ecosystem-wide risk – not an IT risk – and integrate cyber risk management into all business decisions
2. Understand that managing cyber risk in such an interconnected environment requires that leaders think beyond the cyber resilience of their own “houses”, towards the cyber resilience of the broader “neighbourhood” of suppliers, customers, competitors, peers, and regulators among others.
This report developed by the World Economic Forum in collaboration with electricity industry partners and Boston Consulting Group offers principles to help board members meet the unique challenges of managing cyber risk in the electricity ecosystem.
Further reading
All related content 
Strengthening the cybersecurity of the power grid
This Forum brings together global cybersecurity leaders to collaborate on cybersecurity in the energy industry and improve the cyber resilience of the power grid.
Hackers are causing blackouts. It's time to boost our cyber resilience
A well-orchestrated cyber attack on electricity infrastructure would result in damages to households, businesses and vital institutions.