
Energy Orgs Cite Data Protection and Privacy as Top Cyber Challenges

Energy companies are dedicating about 32 percent of their IT budgets and 26 percent of OT budgets to cybersecurity.

The UK energy sector is facing increasing cybersecurity risks as it undergoes rapid digital transformation and scales up infrastructure investment to support net zero goals.

According to research by Bridewell, 48 percent of energy organisations cite data protection and privacy as their top cyber challenges, while 62 percent have experienced a cyber breach or attack in the past 12 months. Despite this, only 12 percent cite “understanding their security posture” as a challenge, suggesting possible overconfidence or lack of visibility.

Malware was cited as the most significant threat to OT (39 percent), followed by AI and machine learning (31 percent) and phishing (29 percent). Insecure ICS/OT protocols, generic user accounts and inadequate backups were among the top internal risks.

Despite these risks, only around half of energy companies are outsourcing critical OT cyber security services like managed detection and incident response. Although many organisations claim confidence in their current IT and OT defences, belief in the security of their active OT environments is lower at 67 percent.

Budget pressures remain a challenge too, with energy companies dedicating about 32 percent of their IT budgets and 26 percent of OT budgets to cybersecurity.

“As billions pour into new infrastructure and digital systems, the sector’s exposure to cyber threats is escalating sharply due to an increase in connectivity as well as vulnerable legacy systems, underdeveloped cybersecurity capabilities and AI-driven threats that can expose critical infrastructure to heightened risk,” explained Martin Riley, CTO at Bridewell. 


Dan Raywood

Dan Raywood is a B2B journalist with 25 years of experience, including covering cybersecurity for the past 17 years. He has extensively covered topics from Advanced Persistent Threats and nation-state hackers to major data breaches and regulatory changes.

He has spoken at events including 44CON, Infosecurity Europe, RANT Forum, BSides Scotland, Steelcon and the National Cyber Security Show, and served as editor of SC Media UK, Infosecurity Magazine and IT Security Guru. He was also an analyst with 451 Research and a product marketing lead at Tenable.

