Amidst an energy crisis, energy companies can't risk a cyberattack further damaging their reputations
It’s no secret that rapidly rising prices, spurred by Russia’s war in Ukraine, have inflicted damage on the reputations of energy companies. While the companies themselves may not have caused those rising prices, it’s their logos that consumers see on top of their energy bills every month.
It should hardly be surprising then that a survey by Populous found that just 16 percent of Britons view the energy sector positively. These are people, remember, who’ve found themselves in the midst of one of the worst cost-of-living crisis in decades. Millions of them have also, at some point in the past few months had to choose between heating their homes and eating.
While UK households are expected to see a significant drop in the energy cap from July, easing pressure on the cost of living, that’s unlikely to provide any significant reputational boost in the near future. It will, instead, take a lot of hard work over a long period of time for them to start regaining trust. The last thing they’d want as they look to do so is a massive cyberattack.
The reputational risk of cyberattacks
To those unfamiliar with the cybercrime space, that might sound surprising. After all, surely the biggest costs associated with cyberattacks come from business interruptions and monetary impact? But the reputational costs of a breach can be immense.
While a successful breach might not be enough to take down an energy company, it’s worth noting that data from the US Securities and Exchange Commission shows that half of small businesses that experience a cyberattack go under within six months. Energy companies might not fall that quickly but in an inflationary environment where people are already frustrated, the damage could be significant. That’s especially true when you factor in that consumers increasingly have other options available to them. The first few months of 2023 provided a powerful example of this, with the number of UK homes buying and installing solar panels reaching seven-year highs.
Trust and reputation also impact the customer’s choice to stay with a particular provider. In an industry with constant competition, where brand reputation is vital, declining trust means increasing numbers of customers are moving to alternative energy providers, and competition is fierce.
In this context, the last thing energy providers can afford is for customers to be questioning whether or not they can trust suppliers with their data, and what could lurk in their digital environments. In short, they cannot afford the ramifications of a cyber-attack. Should the attack result in a power outage, particularly a long one, then trust levels will only fall further, to the point where they really could bring down a company.
Such attacks are becoming increasingly likely too. According to Deloitte, the utilities sector saw a 46 percent increase in attacks in 2021. And that was before the war in Ukraine.
Building up the right levels of protection
It is vital, therefore, that utility companies adopt a proactive approach to cybersecurity, protecting the entire value chain. But how should they go about doing so?
In addition to bolstering their own cybersecurity teams and focusing on things like employee education initiatives, energy companies need to ensure that they partner with the right security providers.
Ideally, they should look for a provider that is not only capable of detecting and shutting down threats but which can actively identify them and alert their customers before they become a problem. Additionally, a good cybersecurity provider will have a strong track record of protecting business-critical applications in the energy sector.
Finally, with cyberattacks now a matter of "when, not if", it’s important for energy companies to find a cybersecurity provider that can help them put proactive breach response plans in place. Such a response will include everything from communicating with customers and deploying backups to the rapid rollout of prioritised patches to vulnerabilities. Get the response plan right and a company gives itself the opportunity to not only regain consumer trust but even strengthen the relationship.
Reduce the risks now
Taking these steps with a trusted cybersecurity provider isn’t something that utilities can afford to wait on either. The risks to their operations and reputations have never been higher. If power companies really want to restore their reputations, they cannot afford to adopt a wait-and-see approach. Instead, they should do everything in their power to prevent attacks and have a solid breach response plan in place in the event of a successful attack.
Mark Clark is VP Sales EMEA North, Onapsis.