web analytics

Oil and Gas Firms Aware of Cyber Risks – Source: www.govinfosecurity.com

oil-and-gas-firms-aware-of-cyber-risks-–-source:-wwwgovinfosecurity.com
Rate this post

Source: www.govinfosecurity.com – Author:

Critical Infrastructure Security , Governance & Risk Management , Operational Technology (OT)

Sector Uses Multifactor, Eschews Cloud, Can’t Afford Cyber Insurance David Perera (@daveperera) • October 14, 2024    

Oil and Gas Firms Aware of Cyber Risks
This offshore oil platform probably isn’t covered by cyber insurance. (Image: Shutterstock)

The oil and gas industry has high levels of cyber awareness and low levels of cyber insurance, says a sectoral assessment from credit rating agency Moody’s.

See Also: From Ancient Myths to Modern Threats: Securing the Transition from Legacy to Leading Edge

Paywalled research from the financial analysis firm published Monday that’s based on a 2023 survey of debt issuers in the nonrenewable energy sector found that more than nine in ten sector corporations employ dedicated cybersecurity staff. The number dips to slightly more than eight in 10 for midstream companies – the subsector responsible for transporting, storing and wholesale marketing of petroleum products. There is no obvious cause and the disparity isn’t meaningful, a Moody’s spokesperson said.

A quarter of surveyed companies also link CEO compensation to the achievement of cybersecurity goals, a figure that surpasses a global corporate average of just 18%. In integrated oil companies – corporations that handle all aspects of the business from exploration to distribution – that number jumps to two-thirds of CEOs.

All survey respondents said they have incident response plans and nine out of 10 said they test the plans at least once a year. More than eight in 10 use multifactor authentication for online resources such as email, a number that jumps to 10 out 10 for large integrated oil companies. Backup is a weaker area, with only 67% of sector respondents reporting that they regularly take backups, a number that’s lower than the corporate average of 81%.

The sector has experienced a clutch of high-profile attacks including a 2021 incident at Colonial Pipeline that resulted in brief gas shortages in the American Southeast. The attack shaped the then-nascent Biden administration’s approach to cybersecurity, catalyzing a multiyear, international effort targeted at disrupting the ransomware underground (see: LockBit and Evil Corp Targeted in Anti-Ransomware Crackdown).

Texas oil service giant Halliburton more recently told U.S. federal regulators that hackers stole data after the firm acknowledged “unauthorized activity” on its networks in late August. Spanish integrated multinational Repsol in September told natural gas customers that an incident at a third-party technology provider resulted in a breach of data including full names, national ID numbers and addresses.

“Energy sectors are particularly at risk for cyberattacks,” said Janko Lukac, a Moody’s vice president focused on the oil and gas sector, in an emailed statement. “Energy production and distribution is key for national security and hence a sensitive topic. If something goes materially wrong, there are potentially direct consequences for end consumers, as the Colonial Pipeline incident showed.”

High levels of cybersecurity awareness in the sector come paired with a cautious attitude toward cloud storage, survey results also found.

Nearly every surveyed company said they are turning to private cloud technology, but also said they are determined to keep It infrastructure on premises. Of those that do use public cloud computing, most tend to stick with one provider, with the exception of oil companies based in Europe, the Middle East and Africa. nearly two-thirds of representatives from those firms told Moody’s they use more than one provider.

Cyber insurance take up in the sector is below the corporate average of approximately 80%. Only half of sector firms carry the insurance – a datum explainable by high confidence in internal security and risk management practices. “The cost and quality of insurance products may also be factors,” Moody’s wrote.

“Based on conversations with the industry, it seems that potential damages can be quite costly (considering potential production losses/environmental damages). Due to the magnitude and severe consequences of some risks, it is often not economically viable to find decent insurance cover,” Lukac said.

Most cybersecurity customers complain about skyrocketing premiums, but rates have grown 315% between 2020 and 2022 in the oilfield services, according to Moody’s data. Overall sector premiums have grown by 70% during that period, a rate that exceeds a corporate average of 50%.

Original Post URL: https://www.govinfosecurity.com/oil-gas-firms-aware-cyber-risks-a-26525

Category & Tags: –

Views: 0

LinkedIn
Twitter
Facebook
WhatsApp
Email

advisor pick´S post

Codrut Andrei
Cybersecurity Talent Crisis Today and Tomorrow by Codrut Andrei
Cybersecurity Talent Crisis Today and...
SCYTHE
Better Cybersecurity Metrics – SOC Metrics – Threat Hunting Metrics – Cyber Threat Intelligence (CTI) Metrics – Incident Response (IR) Metrics for CISOs by SCYTHE
Better Cybersecurity Metrics – SOC...
ACSC Australia
Personal Cyber Security First Steps by Australian Government – ACSC
Personal Cyber Security First Steps...
Joas Antonio
100 Security Operation Tools for SOCs by Joas Antonio
100 Security Operation Tools for...
Joas Antonio
Guide for Multi-Cloud Read Team AWS – GCP – AZURE by Joas Antonio
Guide for Multi-Cloud Read Team...
SANS
SANS Faculty Cybersecurity Free Tools – SANS Instructors have built more than 150 open source tools that support your work and help you implement better security.
SANS Faculty Cybersecurity Free Tools...
Marcos Jaimovich
The Silent Spectre Haunting Your Network: QPhishing, the CISO’s Unspoken Nightmare.
The Silent Spectre Haunting Your...
Marcos Jaimovich
Goodbye to Traditional: Why Conventional Cybersecurity Tools are No Longer Sufficient for the Future of Digital Threats ?
Goodbye to Traditional: Why Conventional...
Marcos Jaimovich
Why do we compare a SOC (Security Operations Center) with the cockpit of a commercial airplane? by Marcos Jaimovich
Why do we compare a...
Joas Antonio
Security Operations Center (SOC) – Tools for Operations Development by Joas Antonio
Security Operations Center (SOC) –...
IZZMIER
Incident Response Playbooks & Workflows Ready for use in your SOC & Redteams
Incident Response Playbooks & Workflows...
LOGPOINT
396 Use Cases & Siem Rules Code ready for use for Mitre Attacks Events Detection in Your SOC by Logpoint
396 Use Cases & Siem...

LASTEST PUBLISHED POSTS

CYZEA.IO
Enterprise Information Security
Enterprise Information Security
IGNITE Technologies
ENCRYPTED REVERSE
ENCRYPTED REVERSE
Federal Office for Information Security
El estado de la seguridad informática en Alemania en 2023
El estado de la seguridad...
Microsoft
GDPR & Generative AI
GDPR & Generative AI
European Union Agency for Fundamental Rights
GDPR IN PRACTICE
GDPR IN PRACTICE
FS.ISAC
Navigating Cyber
Navigating Cyber
KPMG
Fraud risk management
Fraud risk management
CYFIRMA
Fletchen Stealer
Fletchen Stealer
IGNITE Technologies
FILE TRANSFER CHEAT SHEET
FILE TRANSFER CHEAT SHEET
Securesee
CYBER CRISIS INVESTIGATION AND MANAGEMENT
CYBER CRISIS INVESTIGATION AND MANAGEMENT
ACN
Guidelines for secure AI system development
Guidelines for secure AI system...
Incibe
Ciberseguridad en Smart Toys
Ciberseguridad en Smart Toys

More Latest Published Posts

Kaspersky
Incident Response Playbook: Dark Web Breaches
Incident Response Playbook: Dark Web Breaches
ninjaOne
Endpoint Hardening Checklist
Endpoint Hardening Checklist
HADESS
Important Active Directory Attribute
Important Active Directory Attribute
ISA GLOBAL CYBERSECURITY ALLIANCE
IIoT System Implementation and Certification Based on ISA/IEC 62443 Standards
IIoT System Implementation and Certification Based on ISA/IEC 62443 Standards
Rajneesh Gupta
IAM Security CHECKLIST
IAM Security CHECKLIST
sqrrl
Hunt Evil
Hunt Evil
Searchinform
How to protect personal data and comply with regulations
How to protect personal data and comply with regulations
Giuseppe Manco
Threat Intelligence Platforms
Threat Intelligence Platforms
CSA Cloud Security Alliance
Hardware Security Module(HSM) as a Service
Hardware Security Module(HSM) as a Service
IGNITE Technologies
CREDENTIAL DUMPING FAKE SERVICES
CREDENTIAL DUMPING FAKE SERVICES
IGNITE Technologies
A Detailed Guide on Covenant
A Detailed Guide on Covenant
NIST
Computer Security Incident Handling Guide
Computer Security Incident Handling Guide
IGNITE Technologies
DIGITAL FORENSIC FTK IMAGER
DIGITAL FORENSIC FTK IMAGER
Accedere
Cloud Security Assessment
Cloud Security Assessment
YL VENTURES
CISO Reporting Landscape 2024
CISO Reporting Landscape 2024
CISO Edition
Reporting Cyber Risk to Boards
Reporting Cyber Risk to Boards
CIOB
CIOB Artificial Intelligence (AI) Playbook 2024
CIOB Artificial Intelligence (AI) Playbook 2024
INCIBE & SPAIN GOVERNMENT
Nuevas normativas de 2024 de ciberseguridad para vehículos
Nuevas normativas de 2024 de ciberseguridad para vehículos
INNOVERY
RESILIENCIA
RESILIENCIA
CEH
Certifications Preparation Guide
Certifications Preparation Guide
Sandhya Kaushik
Checklist for Securing Your Android Apps
Checklist for Securing Your Android Apps
aDvens
May Cyber Threat Intelligence monthly report
May Cyber Threat Intelligence monthly report
Insikt Group
Caught in the Net
Caught in the Net
IGNITE Technologies
BURP SUITE FOR PENTESTER TURBO INTRUDER
BURP SUITE FOR PENTESTER TURBO INTRUDER
SYED ABUTHAHIR
BUG BOUNTY AUTOMATION WITH PYTHON
BUG BOUNTY AUTOMATION WITH PYTHON
Foresiet
Brand Impersonation Attacks
Brand Impersonation Attacks
Google Cloud
Board of Directors Handbook for Cloud Risk Governance
Board of Directors Handbook for Cloud Risk Governance
ISACA
Blueprint for Ransomware Defense
Blueprint for Ransomware Defense