Could cyber concerns stall uptake of smart energy technology and low carbon schemes? - PwC
Cyber risks associated with energy technology are high on the agenda for UK businesses with two- thirds (65 per cent) significantly concerned about the issue and over half (51 per cent) worried that their client data isn’t handled securely enough by their energy supplier, according to the latest PwC B2B Energy Survey.
The ongoing concern comes at a time when energy suppliers are delving ever deeper into smart energy technology for both corporate and domestic markets, with businesses actively weighing up the benefits of technological innovations to reduce energy costs and cut carbon emissions.
According to the survey of over 500 UK businesses, if their energy supplier fell victim to a cyber-breach, three in five (57 per cent) businesses, and almost 70 per cent of industrials, would switch supplier – a figure that should sound an alarm across the energy sector according to Steve Jennings, power and utilities leader at PwC.
He said: “Against a backdrop of technology innovation, privacy regulation, and the growing adoption of the Internet of Things, it’s perhaps not surprising that UK businesses are concerned about cyber threats – a finding that is mirrored in our recent CEO Survey 1 , where cyber ranked as a higher threat than the speed of technological change.
“With cybercriminals able to turn off the supply tap as well as monetise data from energy firm’s customer and employee digital records, the risk is clear and cannot be ignored.
“It’s vital that energy suppliers gain the confidence of their customers by clearly demonstrating their ability to not only identify innovative technologies but critically to enhance their cybersecurity capabilities to respond to a range of sector specific events that could increase vulnerability.”
Cyber security and data privacy are increasingly being recognised as risks to systems - from power stations to networks to smart meters - and business/consumer data held by suppliers, as well as any third party IT or financial alliances. In addition, the growth of smart, connected propositions related to distributed generation, batteries, electric vehicles and smart heating and lighting exposes new systems and controls to threats from external attackers.
Demonstrating the enormity of these risks, PwC and BAE Systems recently uncovered a global hacking group (APT10) which was targeting providers of managed outsourced IT services. This provided a route into their customers’ organisations around the world and gained them unprecedented access to intellectual property and sensitive data. This indirect approach of reaching many through only a few targets demonstrates a new level of maturity in cyber espionage – and is one that should also serve as a call to action for suppliers.
According to PwC cyber specialist Niko Kalfigkopoulos, there are a number of steps smart energy suppliers can take to ensure they are operating at a high level of cyber security maturity and , crucially, give their customers’ much needed reassurance that their data and security of supply is protected.
With suppliers increasingly focused on analysing energy consumption and user behaviours to drive business decisions, many are now combining data from smart meters and connected homes devices into a single data warehouse – or data lake.
While encryption is key to protecting this data, suppliers continue to place a large amount of reliance on security mechanisms provided by third parties and there is uncertainty as to the effectiveness of these mechanisms. As a result, suppliers should consider only partnering with trusted third parties and allowing just a small number of these smart devices to connect to their ecosystem, a move that could minimise the risk from rogue devices.
Other suggested strategies include:
Mr Kalfigkopoulos, said: “With around a third of industrials and over a fifth of commercial organisations planning to spend more than £1m on smart energy technology, the need for utilities - and smart technology suppliers in general - to get their cyber house in order is vital. Those organisations that react now with effective and transparent strategies will be the winners in the long run.
“This will not only help them in defending their own internal systems, it will also help improve the security of their Connected Home and smart technology offerings.”