IT Brief UK - Technology news for CIOs & IT decision-makers
Story image

Ransomware causes revenue loss for 47% of UK energy firms

Fri, 9th Aug 2024

New research from Bridewell indicates that 47% of businesses in the UK energy sector have experienced revenue loss due to downtime caused by ransomware attacks in the past year. The study surveyed 521 cyber security staff across various critical national infrastructure (CNI) organisations, including those in civil aviation, energy, transport, finance, and central government.

The findings highlight significant operational disruptions within the energy industry, with 45% of respondents reporting that their operations were adversely affected by ransomware attacks. Downtime arising from these attacks poses a substantial risk, potentially disrupting essential electricity and gas operations and endangering livelihoods.

The research also points to the prevalence of phishing attacks, which average 14 incidents per year in the energy sector. This dual threat is placing considerable pressure on the industry to bolster its cyber defences and response strategies. Phishing attacks are managed within an average timeframe of 8.99 hours, while ransomware attacks take an average of 14.84 hours to handle. Nation-state attacks present an even greater challenge, with response times averaging 18.77 hours.

Despite these challenges, energy companies are making significant efforts to enhance their cyber security measures. Nearly all organisations (94%) are now implementing AI-driven tools such as AI-enhanced data loss prevention and endpoint protection systems. Additionally, 51% of respondents expect to increase their IT security spending compared to the previous year.

Anthony Young, Chief Executive Officer of Bridewell, provided his insights on the findings: "The energy sector's role in global economies and society as a whole makes it a particularly vulnerable industry. But ransomware and phishing attacks are having a detrimental impact, and lengthy response times are only adding to the damage caused."

"With nation-state attacks also posing a significant threat, the sector must fortify its cyber defences with incident response and reporting, defined risk management practices, regular audits, and training programmes to futureproof its operations. It's promising that the sector is already adopting AI-driven solutions and planning to invest more in cyber security in order to protect itself," Young concluded.

The report underscores the need for the energy sector to adopt more robust cyber defence mechanisms to mitigate the significant operational disruptions and economic damage caused by cyber threats. Additional investments in AI-driven solutions and increased expenditure on IT security are critical steps that the industry is taking to better safeguard its infrastructure and ensure continued operations.

Follow us on:
Follow us on LinkedIn Follow us on X
Share on:
Share on LinkedIn Share on X