Energy firms not doing enough to fend off cyber attacks

Reports that the energy sector is failing to get insurance cover against the risk of cyber attacks has drawn some criticism for the sector from security vendors

The revelation that power companies have been trying to seek insurance to cover the impact of a cyber attack has been seen by some in the channel as an admission by some large companies that they are not prepared to rely on security tools.

According to reports power companies, clear targets in any sort of nation-state backed cyber attack, are being turned away by insurers because they are not doing enough to try to protect their data.

On one level the situation presents an opportunity to those resellers with a vertical focus on the utility market but it also highlights how some large customers are failing to face up to their responsibilities to improve security.

"Everyone is well aware of the increasing cyber threat and it is therefore no surprise that more and more organisations are requesting insurance for the eventuality that they will be target.  What is a concern, however, is the fact that so many businesses are seeing this as a substitute and are clearly failing to adequately protect themselves as a first port of call – particularly those that manage our national infrastructure," said Ross Brewer, vice president for international markets at LogRhythm.

“It is clear that there is a miscommunication somewhere.  The government and other organisations have been very vocal about the rising cyber threat, yet companies are still not doing enough to protect their systems.  It is now essential that every business up and down the country has the mechanisms in place to proactively identify threats, respond and expedite forensic analysis in real-time," he added.

Dwayne Melancon, CTO of Tripwire, echoed Brewer and warned that the example of the decisions made around security by the energy companies was not something that helped protect data.

"Power companies are, in many cases, exhibiting some of the same traits I’ve seen from developers of new devices on “The Internet of Things.”  In other words, the power providers have made security tradeoffs either due to a lack of security expertise on staff, or due to inadequate resources to address security," he said.

"Hopefully, this determination by insurers will help move things in the right direction - rather than complaining that things aren’t as we like them to be, I’d prefer to see these realisations drive us toward a more beneficial set of actions to increase the security of this critical infrastructure," he added.

Read more on Threat Management Solutions and Services